Trojaner-Board

Bernd Brot 15.05.2025 17:33

Win 11: Fell for a Facebook warning message, PC runs slower, MS Defender is blocked
 
Hello,
I stupidly fell for a Facebook warning message and clicked the link to file an appeal.
After that I ran a free ESET scan, which showed 3 detections.
Two were deleted, one could not be removed. Unfortunately I can no longer see any log files.
Further scans with ESET, Malwarebytes and Avira found nothing more.
Then I ran an MS Defender full scan, also without any detection.
The Microsoft Defender Antivirus online scan is blocked, and my system has also been running slower since then.

On the side I also run a small reportage photography business without any significant revenue.
Code:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-05-2025
durchgeführt von emqi- (Administrator) auf EMQI-LIVINGPICS (Micro-Star International Co., Ltd. MS-7E26) (15-05-2025 17:29:22)
Gestartet von C:\Users\emqi-\Downloads\FRST64.exe
Geladene Profile: emqi-
Plattform: Microsoft Windows 11 Pro Version 24H2 26100.4061 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.Messaging.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\js\node_modules\adobe-cr\build\Release\Adobe Crash Processor.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <4>
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\SentryEye.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe ->) (WacomCenterUI) [Datei ist nicht signiert] C:\Program Files\Tablet\Wacom\WacomCenter\WacomCenterUI.exe
(C:\Program Files\Tablet\Wacom\WacomCenter\WacomCenterUI.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe <13>
(C:\Program Files\Tablet\Wacom\WacomHost.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_UpdateUtil.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co., Ltd.) C:\Program Files\Tablet\Wacom\WacomHost.exe
(cmd.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(DriverStore\FileRepository\u0410212.inf_amd64_daae2c8b5eb35aaa\B409877\atiesrxx.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0410212.inf_amd64_daae2c8b5eb35aaa\B409877\atieclxx.exe
(explorer.exe ->) (ESET, spol. s r.o. -> ESET) C:\Users\emqi-\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <18>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\amdppkg.inf_amd64_7bf038ca4e246b90\AmdPpkgSvc.exe
(services.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0410212.inf_amd64_daae2c8b5eb35aaa\B409877\atiesrxx.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_05bfde18331c4d58\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.24.8.36\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.24.8.36\nsWscSvc.exe
(services.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25032.52.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_6.0.0.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.9.1.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.10401.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [133128 2025-03-24] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1145256 2025-04-15] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-76596380-2333717119-1847427047-1003\...\Run: [MicrosoftEdgeAutoLaunch_3753AF0C68244FA81F8581C5B5045ECE] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4045880 2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy-Firefox: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {FD837572-E5D5-461B-B63C-7D646B9552DC} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1035472 2024-11-28] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {65641C37-41B7-4D1F-B470-87FA608FF700} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [191184 2024-11-27] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {463E8286-D70F-4682-90C2-5B32E948C776} - System32\Tasks\Avira_FallbackUpdater => C:\Windows\System32\sc.exe [102400 2024-10-29] (Microsoft Windows -> Microsoft Corporation) -> start AviraFallbackUpdater Delayed=false
Task: {E4379253-C200-4620-9822-BF19484ECEDC} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry
Task: {E4379253-C200-4620-9822-BF19484ECEDC} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog
Task: {E4379253-C200-4620-9822-BF19484ECEDC} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector
Task: {49B0FE42-2EDC-4887-B8D7-1FA298B5B1B6} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [263248 2025-05-13] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {B103225D-1BDA-410E-9BD9-5BF5837510D0} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1794248 2025-05-13] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {D715A62C-10B0-46DA-B545-6E2ABF749941} - System32\Tasks\Avira_Security_Update => C:\Windows\System32\net.exe [81920 2024-10-29] (Microsoft Windows -> Microsoft Corporation)
Task: {FD9964E7-1B6A-43C2-85AD-16D36458FB95} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [36817136 2025-05-14] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {85B83905-898B-4973-9EEC-230FDAB20760} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\emqi-\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15205744 2025-03-24] (ESET, spol. s r.o. -> ESET)
Task: {92A6E3F6-ADA2-464D-A8E3-E0E8FC353AF0} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\emqi-\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15205744 2025-03-24] (ESET, spol. s r.o. -> ESET)
Task: {C2B0E3F9-2A9A-46D6-8500-9F4F81B1C0E8} - System32\Tasks\Launch Adobe CCXProcess => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [194048 2025-04-14] (Adobe Inc. -> Adobe Inc.)
Task: {9907CA05-5F39-4047-8255-D1F3763F6975} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {5201D26D-040E-48BA-A02F-6A27F838E3B5} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {63A6A830-237D-4D8C-947E-43BFCC2DBD98} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102352 2025-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {0CB3F895-FFEF-462C-A019-77DC140A20DB} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [68392 2025-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {8FC9062A-83D4-4E9A-9496-944E1E3C4816} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102352 2025-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A525066-2543-40CF-8C50-68822679C2F4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {511C3F4D-57AD-4C16-A922-B04DC2F38364} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {948813CB-2586-4707-A292-1C26C122F801} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [213216 2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {40BFBA0D-FC02-4F23-B745-EB36A3FB6214} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\System32\MRT.exe [214836568 2025-05-14] (Microsoft Windows -> Microsoft Corporation) -> C:\Windows\system32\/EHB /HeartbeatFailure "SubmitHeartbeatReportData" /HeartbeatError "0x80072ee7"
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (Keine Datei)
Task: {EC321559-8DD9-4834-A5B5-A3D5F0458A38} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E6CDDE9C-EA8C-4E56-ACDE-9115C966289E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2F4BA091-46F6-46A4-8D86-8DBC074BC574} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1619788B-F44C-4E6A-BF35-892A8EAB0E07} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D80CDC39-C24E-4ECF-9FC7-F0713D013101} - System32\Tasks\Microsoft\Windows\WindowsAI\Recall\InitialConfiguration => {709FD5EF-7296-4154-BD3A-E9830FCFA60A} C:\Windows\system32\ShellConfigTask.dll [274432 2025-05-14] (Microsoft Windows -> Microsoft Corporation)
Task: {DD2C0B0E-B6F5-4735-B579-0B0FD439A698} - System32\Tasks\Microsoft\Windows\WindowsAI\Recall\PolicyConfiguration => {0BE6820D-B667-4CB6-931B-C153A77DA895} C:\Windows\system32\ShellConfigTask.dll [274432 2025-05-14] (Microsoft Windows -> Microsoft Corporation)
Task: {352CA8DA-CAB1-4639-BE57-72BE012BC051} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1035472 2024-11-28] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {703B758E-B8B5-4209-809C-1FDFC66DABC1} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-76596380-2333717119-1847427047-1003 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-05-14] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).
Task: {F09DEF76-FAA8-4679-817E-49DDDCE11E27} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-05-14] (Mozilla Corporation -> Mozilla Foundation)
Task: {8C165554-6E4E-4C99-A20E-DCE4151A234C} - System32\Tasks\Norton 360\Norton 360 Autofix => C:\Program Files\Norton Security\Engine\22.24.8.36\symerr.exe [379024 2024-09-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {B6140BA9-F88B-4478-9F1B-1FB4ECC6B80B} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton Security\Engine\22.24.8.36\symerr.exe [379024 2024-09-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {98A8AC9D-B05D-4CEF-A756-6AE0C5AFE562} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton Security\Engine\22.24.8.36\symerr.exe [379024 2024-09-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
Task: {B21223E3-9EE7-4D7C-A082-A25B112736B6} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.24.8.36\WSCStub.exe [646520 2024-09-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {FEA95ACC-3B6C-4EDF-B8A9-6C6B82EF555B} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2353000 2024-09-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {FF61CB78-91BB-420F-94A2-92CB9B61CBB9} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [139472 2024-11-27] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {0452EA46-B53C-4219-AB38-A7E0AA457AA1} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [309968 2024-11-27] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5df49ee4-f519-4dbb-b479-5f501a7a713a}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5df49ee4-f519-4dbb-b479-5f501a7a713a}: [DhcpDomain] speedport.ip
Tcpip\..\Interfaces\{bd7741e0-00cc-4ee1-bb39-2d5b8377a7d5}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{bd7741e0-00cc-4ee1-bb39-2d5b8377a7d5}: [DhcpDomain] speedport.ip

Edge:
=======
Edge Profile: C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default [2025-05-15]
Edge HomePage: Default -> hxxp://www.msn.com/?pc=NMTE
Edge Extension: (Avira Password Manager) - C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle [2025-05-14]
Edge Extension: (Google Docs Offline) - C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-27]
Edge Extension: (Edge relevant text changes) - C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-03-24]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]

FireFox:
========
FF DefaultProfile: gtxv1m88.default
FF ProfilePath: C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\gtxv1m88.default [2025-03-24]
FF ProfilePath: C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release [2025-05-15]
FF Notifications: Mozilla\Firefox\Profiles\0z7ao6fm.default-release -> hxxps://www.youtube.com; hxxps://www.instagram.com; hxxps://www.reutlingen.de; hxxps://www.schwarzwaelder-bote.de; hxxps://www.pinterest.de; hxxps://www.crowdcast.io; hxxps://www.jinbei-deutschland.de; hxxps://www.facebook.com
FF Extension: (Activist – Balanced) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\activist-balanced-colorway@mozilla.org.xpi [2023-03-17]
FF Extension: (HTTPS Everywhere) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\https-everywhere@eff.org.xpi [2021-07-14]
FF Extension: (uBlock Origin) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\uBlock0@raymondhill.net.xpi [2025-03-22]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-10-11]
FF Extension: (Mobile View Switcher) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\{fa247c57-77ac-41cd-b942-332051e15ced}.xpi [2022-07-30]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2025-04-15] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2025-04-15] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944040 2025-04-15] (Adobe Inc. -> Adobe Inc.)
R2 AmdPpkgSvc; C:\Windows\System32\DriverStore\FileRepository\amdppkg.inf_amd64_7bf038ca4e246b90\AmdPpkgSvc.exe [525608 2024-10-06] (Advanced Micro Devices -> AMD)
S2 AviraFallbackUpdater; C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe [6843728 2025-05-14] (Avira Operations GmbH -> Avira Operations GmbH)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2977248 2024-07-16] (Avira Operations GmbH -> Avira Operations GmbH)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [404280 2025-03-25] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [269312 2025-05-13] (Avira Operations GmbH -> Avira Operations GmbH)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [300288 2025-05-13] (Avira Operations GmbH -> Avira Operations GmbH)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13824240 2025-05-02] (Microsoft Corporation -> Microsoft Corporation)
S3 CorsairDeviceControlService; C:\Program Files\Corsair\Corsair Device Control Service\bin\CorsairDeviceControlService.exe [2430504 2024-10-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 EndpointProtectionService; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [12217680 2025-04-07] (Avira Operations GmbH -> Avira Operations GmbH)
S3 EndpointProtectionService2; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [12217680 2025-04-07] (Avira Operations GmbH -> Avira Operations GmbH)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9406208 2025-05-04] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-03-28] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe [2009608 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.24.8.36\NortonSecurity.exe [344888 2024-09-13] (NortonLifeLock Inc. -> NortonLifelock Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.24.8.36\nsWscSvc.exe [1059176 2024-09-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559320 2025-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe [4538400 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe [278320 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ZTHELPER; C:\Windows\System32\zthelper.dll [146096 2025-05-14] (Microsoft Windows -> Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 amdfendrmgr; C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_05bfde18331c4d58\amdfendrmgr.sys [36016 2024-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [33592 2024-09-12] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_d4de13a10f2586d0\amdsafd.sys [112952 2024-06-15] (AMD Test Build -> Advanced Micro Devices)
R3 amduw23g; C:\Windows\System32\DriverStore\FileRepository\u0410212.inf_amd64_daae2c8b5eb35aaa\B409877\amdkmdag.sys [110965144 2024-12-04] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [63008 2024-05-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R0 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [179768 2025-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Avira Operations GmbH)
R1 BdSentry; C:\Windows\System32\DRIVERS\BdSentry.sys [223296 2025-04-03] (Microsoft Windows Hardware Compatibility Publisher -> Avira Operations GmbH)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.22.10.9\Definitions\BASHDefs\20250403.001\BHDrvx64.sys [1706496 2025-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [200704 2024-10-29] (Microsoft Corporation) [Datei ist nicht signiert]
R1 ccSet_NGC; C:\Windows\System32\drivers\NGCx64\1618080.024\ccSetx64.sys [199256 2024-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R2 CorsairLLAccess8F050F5E415C1A5882EB9FF7CE2BC59B7BE3A953; C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairLLAccess64.sys [23616 2025-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [536216 2025-04-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [167576 2025-04-07] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.22.10.9\Definitions\IPSDefs\20250404.064\IDSvia64.sys [1565712 2025-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 KslD; C:\Windows\System32\drivers\wd\KslD.sys [331168 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [234072 2025-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [22120 2025-03-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239568 2025-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MTKBTFilterx64; C:\Windows\System32\drivers\mtkbtfilterx.sys [345056 2022-06-26] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R3 mtkwlex; C:\Windows\System32\drivers\mtkwl6ex.sys [1587680 2022-06-26] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R1 netprotection_network_filter; C:\Windows\System32\drivers\netprotection_network_filter.sys [119656 2025-03-24] (Avira Operations GmbH -> Avira Operations GmbH)
S3 nsvst_NGC; C:\Windows\System32\drivers\NGCx64\1618080.024\nsvst.sys [50400 2024-09-13] (Microsoft Windows Hardware Compatibility Publisher -> NortonLifeLock Inc.)
S3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_feec7a9662e785f0\rtcx21x64.sys [539648 2024-03-28] (Microsoft Windows -> Realtek)
R1 rtp1; C:\Windows\System32\DRIVERS\rtp1.sys [440488 2025-03-31] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp2; C:\Windows\System32\DRIVERS\rtp2.sys [440464 2025-03-31] (Avira Operations GmbH -> Avira Operations GmbH)
S0 rtp_elam; C:\Windows\System32\DRIVERS\rtp_elam.sys [28792 2025-03-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH)
R3 SRTSP; C:\Windows\System32\drivers\NGCx64\1618080.024\SRTSP64.SYS [962264 2024-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\Windows\System32\drivers\NGCx64\1618080.024\SRTSPX64.SYS [53968 2024-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 SymEFASI; C:\Windows\System32\drivers\NGCx64\1618080.024\SYMEFASI64.SYS [2181336 2024-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\Windows\System32\drivers\NGCx64\1618080.024\SymELAM.sys [37016 2024-09-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Broadcom)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100344 2024-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.22.10.9\SymPlatform\SymEvnt.sys [934912 2025-03-26] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymIRON; C:\Windows\System32\drivers\NGCx64\1618080.024\Ironx64.SYS [307912 2024-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\Windows\System32\drivers\NGCx64\1618080.024\symnets.sys [493672 2024-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 ThermalFilter; C:\Windows\System32\DriverStore\FileRepository\c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-04-09] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20016 2025-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [605576 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [100744 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
S3 wini3ctarget; C:\Windows\System32\DriverStore\FileRepository\wini3ctarget.inf_amd64_8d863c975b4367df\wini3ctarget.sys [79288 2025-05-14] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\Windows\System32\drivers\NGCx64\1618080.024\wpCtrlDrv.sys [1016792 2024-09-13] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 cpuz158; \??\C:\Windows\temp\cpuz158\cpuz158_x64.sys [X] <==== ACHTUNG
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]
S3 SIUSBXP; \??\C:\Windows\system32\drivers\SiUSBXp.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2025-05-15 17:29 - 2025-05-15 17:29 - 000034768 _____ C:\Users\emqi-\Downloads\FRST.txt
2025-05-15 17:28 - 2025-05-15 17:29 - 000000000 ____D C:\FRST
2025-05-15 17:27 - 2025-05-15 17:27 - 002405888 _____ (Farbar) C:\Users\emqi-\Downloads\FRST64.exe
2025-05-15 17:21 - 2025-05-15 17:21 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2025-05-15 16:30 - 2025-05-15 16:30 - 000707760 _____ C:\Windows\system32\perfh007.dat
2025-05-15 16:30 - 2025-05-15 16:30 - 000150734 _____ C:\Windows\system32\perfc007.dat
2025-05-14 23:40 - 2025-05-15 06:28 - 000080816 _____ C:\Windows\system32\rtp.db
2025-05-14 23:40 - 2025-05-14 23:40 - 000000000 ____D C:\Windows\SysWOW64\statReporter
2025-05-14 23:40 - 2025-05-14 23:40 - 000000000 ____D C:\Users\Public\Security Sessions
2025-05-14 23:40 - 2025-05-14 23:40 - 000000000 ____D C:\Users\emqi-\AppData\Local\AviraWebView2Cache
2025-05-14 23:40 - 2025-05-14 23:40 - 000000000 ____D C:\Program Files\Avira
2025-05-14 23:40 - 2025-03-31 21:23 - 000440488 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\rtp1.sys
2025-05-14 23:40 - 2025-03-31 21:23 - 000440464 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\rtp2.sys
2025-05-14 23:40 - 2025-03-24 09:12 - 000119656 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\netprotection_network_filter.sys
2025-05-14 23:39 - 2025-05-14 23:40 - 000000000 ____D C:\Users\emqi-\AppData\Local\Avira
2025-05-14 23:39 - 2025-05-14 23:40 - 000000000 ____D C:\ProgramData\Avira
2025-05-14 23:39 - 2025-05-14 23:39 - 000003888 _____ C:\Windows\system32\Tasks\Avira_Security_Maintenance
2025-05-14 23:39 - 2025-05-14 23:39 - 000003784 _____ C:\Windows\system32\Tasks\AviraSystemSpeedupVerify
2025-05-14 23:39 - 2025-05-14 23:39 - 000003706 _____ C:\Windows\system32\Tasks\Avira_FallbackUpdater
2025-05-14 23:39 - 2025-05-14 23:39 - 000003480 _____ C:\Windows\system32\Tasks\Avira_Security_Update
2025-05-14 23:39 - 2025-05-14 23:39 - 000003428 _____ C:\Windows\system32\Tasks\Avira_Security_Service_SCM_Watchdog
2025-05-14 23:39 - 2025-05-14 23:39 - 000002818 _____ C:\Windows\system32\Tasks\Avira_Security_Systray
2025-05-14 23:39 - 2025-05-14 23:39 - 000001157 _____ C:\Users\Public\Desktop\Avira.lnk
2025-05-14 23:39 - 2025-05-14 23:39 - 000000000 ____D C:\Users\Public\Speedup Sessions
2025-05-14 23:39 - 2025-05-14 23:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2025-05-14 23:39 - 2025-05-14 23:39 - 000000000 ____D C:\Program Files (x86)\Avira
2025-05-14 23:37 - 2025-05-14 23:38 - 006843728 _____ (Avira Operations GmbH) C:\Users\emqi-\Downloads\avira_de_sptl1_0bdd1ff358e0d358__pavwws-spotlight-release.exe
2025-05-14 23:00 - 2025-05-15 06:31 - 000000000 ____D C:\Windows\CbsTemp
2025-05-14 16:03 - 2025-05-14 16:03 - 000030998 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-05-14 16:03 - 2025-05-14 16:03 - 000030998 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2025-05-14 15:41 - 2025-05-15 06:27 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-05-09 07:55 - 2025-05-09 07:55 - 000001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2025.lnk
2025-05-09 07:45 - 2025-05-09 07:45 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic.lnk
2025-05-04 15:25 - 2025-05-04 15:25 - 000003858 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2025-05-04 15:25 - 2025-05-04 15:25 - 000003416 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2025-05-02 21:52 - 2025-05-08 16:56 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2025-04-24 18:56 - 2025-04-24 18:56 - 001773972 _____ C:\Users\emqi-\Downloads\Plakate_Brunnen_-_Kirchbrunnen-web_6.pdf
2025-04-22 00:25 - 2025-04-22 00:25 - 000223662 _____ C:\Users\emqi-\Downloads\Hausordnung (2)-1.pdf
2025-04-21 16:33 - 2025-04-21 16:33 - 000223662 _____ C:\Users\emqi-\Downloads\Hausordnung (2).pdf
2025-04-15 10:06 - 2025-04-15 10:06 - 000001389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2025-05-15 17:29 - 2025-03-28 23:49 - 000000000 ____D C:\Users\emqi-\AppData\Local\Malwarebytes
2025-05-15 17:29 - 2025-03-24 22:03 - 000000000 ____D C:\Users\emqi-\AppData\Roaming\WTablet
2025-05-15 17:27 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-05-15 17:26 - 2025-03-25 00:10 - 000003582 _____ C:\Windows\system32\Tasks\Launch Adobe CCXProcess
2025-05-15 17:25 - 2025-03-27 15:20 - 000000000 ____D C:\Users\emqi-\AppData\Local\Norton
2025-05-15 17:24 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemTemp
2025-05-15 17:23 - 2025-03-25 00:45 - 000001279 _____ C:\Users\emqi-\Desktop\ESET Online Scanner.lnk
2025-05-15 17:23 - 2025-03-25 00:44 - 000001385 _____ C:\Users\emqi-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2025-05-15 16:45 - 2025-03-24 22:08 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-05-15 16:44 - 2024-10-29 15:06 - 000009198 _____ C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-05-15 16:36 - 2024-10-29 15:04 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-05-15 16:30 - 2025-03-30 13:15 - 000000000 ____D C:\Windows\system32\Tasks\Norton 360
2025-05-15 16:30 - 2024-10-29 15:10 - 001637736 _____ C:\Windows\system32\PerfStringBackup.INI
2025-05-15 16:30 - 2024-04-01 09:24 - 000000000 ____D C:\Windows\INF
2025-05-15 16:24 - 2025-02-17 15:17 - 000003118 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2025-05-15 16:24 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\AppReadiness
2025-05-15 16:23 - 2024-10-29 15:06 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2025-05-15 16:23 - 2024-10-29 15:04 - 000012288 ___SH C:\DumpStack.log.tmp
2025-05-15 16:23 - 2024-10-29 15:04 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-05-15 06:30 - 2025-03-24 18:49 - 000000000 ____D C:\Users\emqi-\AppData\Local\Packages
2025-05-15 06:30 - 2024-10-29 15:06 - 000000000 ____D C:\ProgramData\Packages
2025-05-15 06:29 - 2024-04-01 09:21 - 000524288 _____ C:\Windows\system32\config\BBI
2025-05-15 06:28 - 2024-10-29 15:04 - 000475880 _____ C:\Windows\system32\FNTCACHE.DAT
2025-05-15 06:27 - 2025-03-24 22:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-05-15 06:27 - 2024-04-01 10:03 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2025-05-15 06:27 - 2024-04-01 10:03 - 000000000 ____D C:\Windows\InboxApps
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\UUS
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\setup
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\oobe
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\Dism
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemResources
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemApps
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\WinMetadata
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\ShellExperiences
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\setup
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\oobe
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\migwiz
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\Dism
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\DDFs
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\appraiser
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\ShellExperiences
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\Provisioning
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\PolicyDefinitions
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\bcastdvr
2025-05-14 23:40 - 2024-04-01 09:26 - 000000000 ___HD C:\Windows\ELAMBKUP
2025-05-14 22:24 - 2025-03-24 18:52 - 000000000 ____D C:\Users\emqi-\AppData\Roaming\Microsoft\Excel
2025-05-14 20:17 - 2024-10-29 15:11 - 000000000 ____D C:\Windows\system32\MRT
2025-05-14 20:16 - 2024-10-29 15:11 - 214836568 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-05-14 19:59 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-05-14 19:55 - 2025-03-24 22:08 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-05-14 16:03 - 2024-10-29 15:07 - 003369984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2025-05-12 16:45 - 2024-10-29 15:06 - 000000000 ____D C:\Program Files\Microsoft Office
2025-05-11 15:25 - 2025-03-24 18:49 - 000000000 ____D C:\Users\emqi-\AppData\Local\D3DSCache
2025-05-10 08:11 - 2024-10-29 15:04 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-05-10 08:11 - 2024-10-29 15:04 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-05-10 08:10 - 2025-03-24 23:50 - 000000000 ____D C:\Users\emqi-\AppData\Local\CrashDumps
2025-05-09 07:55 - 2025-03-24 23:38 - 000000000 ____D C:\Program Files\Common Files\Adobe
2025-05-09 07:49 - 2025-03-24 23:39 - 000000000 ____D C:\ProgramData\Adobe
2025-05-09 07:45 - 2025-03-24 23:38 - 000000000 ____D C:\Program Files\Adobe
2025-05-09 07:45 - 2025-03-24 18:57 - 000000000 ____D C:\Users\emqi-\AppData\Local\AMD_Common
2025-05-08 22:42 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\AppLocker
2025-05-08 17:00 - 2024-10-29 15:04 - 000003832 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{323B8279-7486-43E6-B26C-D4E2B6221AA6}
2025-05-08 17:00 - 2024-10-29 15:04 - 000003708 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{0314DEF4-2C78-42E3-98D2-7EF5DB5F46A6}
2025-05-08 16:58 - 2024-04-01 09:21 - 000032768 _____ C:\Windows\system32\config\ELAM
2025-05-03 11:57 - 2025-03-24 22:45 - 000001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2025-05-02 07:13 - 2025-03-29 11:29 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-04-29 12:57 - 2025-03-24 18:51 - 000000000 ___RD C:\Users\emqi-\OneDrive
2025-04-25 13:54 - 2025-03-24 23:36 - 000000000 ____D C:\Users\emqi-\AppData\Roaming\com.adobe.dunamis
2025-04-18 11:24 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\SecurityHealth
2025-04-15 10:06 - 2025-03-24 23:39 - 000000000 ____D C:\Users\emqi-\AppData\LocalLow\Adobe
2025-04-15 10:06 - 2025-03-24 23:38 - 000000000 ____D C:\Program Files (x86)\Adobe

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Code:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-05-2025
durchgeführt von emqi- (15-05-2025 17:30:12)
Gestartet von C:\Users\emqi-\Downloads
Microsoft Windows 11 Pro Version 24H2 26100.4061 (X64) (2025-03-24 16:22:05)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-76596380-2333717119-1847427047-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-76596380-2333717119-1847427047-503 - Limited - Disabled)
emqi- (S-1-5-21-76596380-2333717119-1847427047-1003 - Administrator - Enabled) => C:\Users\emqi-
Gast (S-1-5-21-76596380-2333717119-1847427047-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-76596380-2333717119-1847427047-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Security (Enabled - Up to date) {61D2ED93-F75C-BA0D-4274-43D53B8C0EEE}
AV: Norton 360 (Disabled - Out of date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
FW: Norton 360 (Disabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.6.0.611 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_14_3_1) (Version: 14.3.1 - Adobe Inc.)
Adobe Photoshop 2025 (HKLM-x32\...\PHSP_26_6_1) (Version: 26.6.1.7 - Adobe Inc.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 6.10.17.152 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.133 - Advanced Micro Devices, Inc.) Hidden
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.90 - Advanced Micro Devices, Inc.) Hidden
AMD PPM Provisioning File Driver (HKLM-x32\...\{3665A5DE-D07C-46D7-9207-713E8E9FEF32}) (Version: 8.0.0.33 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.30.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.44 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 24.12.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{d1b7ab36-91d4-42d5-b3d3-e2827144f4d7}) (Version: 6.10.17.152 - Advanced Micro Devices, Inc.) Hidden
Avira Fallback Updater (HKLM-x32\...\Avira Fallback Updater) (Version:  - ) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.45.1.24068 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.109.1990 - Avira Operations GmbH) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version:  - Avira Operations GmbH)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 7.4.0.511 - Avira Operations GmbH) Hidden
Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden
Corsair Device Control Service (HKLM\...\{3761F1BA-5697-4562-B677-E3CE0F944679}) (Version: 1.3.1 - Corsair)
Corsair iCUE5 Software (HKLM\...\{A9B0B2D7-8C59-4413-A2FB-99EDBE65A608}) (Version: 5.24.57 - Corsair)
Endpoint Protection SDK (HKLM\...\{68E1CCB4-4965-4713-BDEB-77F6D6C9BF9D}_is1) (Version: 1.0.2504.5388 - Avira Operations GmbH) Hidden
Malwarebytes version 5.2.11.183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.11.183 - Malwarebytes)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.18730.20142 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 136.0.3240.64 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 136.0.3240.64 - Microsoft Corporation) Hidden
Microsoft Office Home 2024 - de-de (HKLM\...\Home2024Retail - de-de) (Version: 16.0.18730.20142 - Microsoft Corporation)
Microsoft OneNote - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.18730.20142 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32\...\{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32\...\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32\...\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 138.0.3 (x64 de)) (Version: 138.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 136.0.1 - Mozilla)
Mozilla Thunderbird (x64 de) (HKLM\...\Mozilla Thunderbird 138.0 (x64 de)) (Version: 138.0 - Mozilla)
Norton 360 (HKLM-x32\...\NGC) (Version: 22.24.8.36 - NortonLifeLock Inc)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18730.20142 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.3.0 - Advanced Micro Devices, Inc.) Hidden
RyzenMasterSDK (HKLM\...\{8550DA97-C688-45A2-B080-36B97D867DBC}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
UXP WebView Support (HKLM-x32\...\UXPW_1_3_0) (Version: 1.3.0 - Adobe Inc.)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.4.9-2 - Wacom Technology Corp.)

Packages:
=========
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3775.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\Windows\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-15] (Microsoft Windows)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_6.0.0.1_x86__enpm4xejd91yc [2025-03-24] (Adobe Systems Incorporated)
AMD Radeon Software -> C:\Program Files\AMD\CNext\CNext [2025-03-24] (Advanced Micro Devices Inc.)
Ink.Handwriting.de-DE.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.de-DE.1.0_0.850.1840.0_x64__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Ink.Handwriting.de-DE.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.de-DE.1.0_0.850.1840.0_x86__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Ink.Handwriting.Main.de-DE.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.de-DE.1.0_0.850.1840.0_x64__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.23355.1356.0_x64__8wekyb3d8bbwe [2024-10-29] (Microsoft Corporation)
Klick-und-Los (Vorschau) -> C:\Windows\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-05-15] (Microsoft Windows)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2412.12002.0_x64__8wekyb3d8bbwe [2025-03-24] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2025-03-26] (Microsoft Corp.)
Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.9.1.0_x64__8wekyb3d8bbwe [2025-05-09] (Microsoft Corporation)
Norton Security -> C:\Program Files\Norton Security\Engine\22.24.8.36 [2025-05-15] (NortonLifeLock Inc.)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-05-12] ()
Windows Feature Experience Pack -> C:\Windows\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-15] (Microsoft Windows)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-76596380-2333717119-1847427047-1003_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-76596380-2333717119-1847427047-1003_Classes\CLSID\{3978C7B3-066A-45B3-9361-2F73A45C1449}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-76596380-2333717119-1847427047-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [  AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [  AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [  AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.24.8.36\buShell.dll [2024-09-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.24.8.36\buShell.dll [2024-09-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.24.8.36\buShell.dll [2024-09-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.24.8.36\buShell.dll [2024-09-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.24.8.36\buShell.dll [2024-09-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.24.8.36\buShell.dll [2024-09-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.24.8.36\buShell.dll [2024-09-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.8.36\NavShExt.dll [2024-09-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2024-10-01] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2025-05-13] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.8.36\NavShExt.dll [2024-09-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2025-05-13] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-03-28] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2024-10-01] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2024-10-01] (Avira Operations GmbH -> Avira Operations GmbH)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.24.8.36\buShell.dll [2024-09-13] (NortonLifeLock Inc. -> Gen Digital Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-03-28] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.24.8.36\NavShExt.dll [2024-09-13] (NortonLifeLock Inc. -> Gen Digital Inc.)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2025-03-24 21:59 - 2025-02-06 03:14 - 004311040 _____ () [Datei ist nicht signiert] C:\Program Files\Tablet\Wacom\LicenseManager.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 002655744 _____ () [Datei ist nicht signiert] C:\Program Files\Tablet\Wacom\WacomCenter\libxml2.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 007785984 _____ () [Datei ist nicht signiert] C:\Program Files\Tablet\Wacom\WacomCenter\WacomCenterLibrary.dll
2024-10-29 15:07 - 2024-10-29 15:07 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2024-10-29 15:07 - 2024-10-29 15:07 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 001418752 _____ (Microsoft.Graphics.Canvas.Interop) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\Tablet\Wacom\WacomCenter\Microsoft.Graphics.Canvas.Interop.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 002357248 _____ (WacomCenterUI) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\Tablet\Wacom\WacomCenter\WacomCenterUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) =============

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2024-04-01 09:26 - 2024-04-01 09:24 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-76596380-2333717119-1847427047-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\emqi-\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\1934621923452568658\133914532419826283.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 ist aktiviert.

Network Binding:
=============
Ethernet: Realtek Gaming 2.5GbE Family Controller -> rt640x64.sys
WLAN: RZ616 Wi-Fi 6E 160MHz -> mtkwl6ex.sys
Bluetooth-Netzwerkverbindung: Bluetooth Device (Personal Area Network) -> bthpan.sys

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{A1261539-259B-4C77-8CBA-DFB4B86C83AD}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25044.2208.3471.2155_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3D88B2AF-4387-48D4-94BE-5888A1869085}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25044.2208.3471.2155_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{857D992C-BF14-4306-9F32-D4490E936433}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3FA1A680-57A1-4907-A3F6-05020263F4F4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP] => (Allow) C:\Windows\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-V2] => (Allow) C:\Windows\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-NoScope] => (Allow) C:\Windows\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{CC35BF3D-3774-4C64-BE1E-01B141841AF8}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{E64F8643-F191-4F8E-8925-6E272AE7885C}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{58C2E115-B60A-498C-A6C2-2C3EF5C24404}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C80DB8B-1096-4CD4-AAC2-58E194139D2E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.50\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BE4CB71C-9CAD-4066-985B-5CA7301CB14E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager ============

==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (05/15/2025 04:24:23 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\EMQI-LIVINGPICS$ über https://AMD-KeyId-bc8eac10844f5c7ebfe8bac2ceb50e8cdf34ef88.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps

Methode: GET(47ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (05/15/2025 06:29:47 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.26100.4060_none_a55287a7772b57c2\TiWorker.exe -Embedding; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).

Error: (05/14/2025 11:02:12 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.26100.4060_none_a55287a7772b57c2\TiWorker.exe -Embedding; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).

Error: (05/14/2025 11:01:01 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.26100.4060_none_a55287a7772b57c2\TiWorker.exe -Embedding; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).

Error: (05/14/2025 11:00:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.26100.3764_none_a5067b2d776484b6\TiWorker.exe -Embedding; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).

Error: (05/14/2025 11:00:35 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv; Beschreibung = Windows Update; Fehler = 0x80070422).

Error: (05/14/2025 09:35:12 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).

Error: (05/14/2025 08:16:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv; Beschreibung = Windows Update; Fehler = 0x80070422).


Systemfehler:
=============
Error: (05/15/2025 04:26:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Security Updater" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (05/15/2025 04:26:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Security Updater erreicht.

Error: (05/15/2025 04:23:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎15.‎05.‎2025 um 07:09:38 unerwartet heruntergefahren.

Error: (05/15/2025 04:23:48 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (05/15/2025 06:31:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Security Updater" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (05/15/2025 06:31:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Security Updater erreicht.

Error: (05/15/2025 06:28:57 AM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: NT-AUTORITÄT)
Description: Der Gerätezuordnungsdienst hat einen Fehler bei der Endpunktermittlung erkannt.

Error: (05/15/2025 06:28:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Update Orchestrator Service" wurde mit folgendem Fehler beendet:
%%2149884192


Windows Defender:
================
Date: 2025-05-14 23:26:06
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2025-05-12 17:41:30
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-05-11 15:47:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-05-10 19:39:02
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-05-04 14:40:56
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]

Date: 2025-05-14 22:56:22
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x80070032
Error description: Die Anforderung wird nicht unterstützt. 

Date: 2025-05-14 22:55:33
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x80070032
Error description: Die Anforderung wird nicht unterstützt. 

Date: 2025-05-14 22:48:37
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x80070032
Error description: Die Anforderung wird nicht unterstützt. 

Date: 2025-05-14 22:48:27
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x80070032
Error description: Die Anforderung wird nicht unterstützt. 

Date: 2025-03-15 15:01:22
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence and will attempt to revert to a previous version.
Security intelligence Attempted: Aktuell
Error Code: 0x80501102
Error description: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support".
Security intelligence Version: 1.421.1944.0;1.421.1944.0
Engine Version: 1.1.24090.11

CodeIntegrity:
===============
Date: 2025-05-15 17:27:12
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Avira\Endpoint Protection SDK\wsc_agent.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.24.8.36\symamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2025-05-15 17:27:12
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.24.8.36\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2025-05-15 17:27:12
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Speicherinformationen ===========================

BIOS: American Megatrends International, LLC. 1.I0 12/27/2024
Hauptplatine: Micro-Star International Co., Ltd. PRO B650-S WIFI (MS-7E26)
Prozessor: AMD Ryzen 5 7500F 6-Core Processor
Prozentuale Nutzung des RAM: 40%
Installierter physikalischer RAM: 32361.99 MB
Verfügbarer physikalischer RAM: 19141.5 MB
Summe virtueller Speicher: 35049.99 MB
Verfügbarer virtueller Speicher: 16503.14 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:930.52 GB) (Free:771.03 GB) (Model: KINGSTON SNV2S1000G) NTFS
Drive d: (Volume) (Fixed) (Total:1863 GB) (Free:624.18 GB) (Model: WD_BLACK SN770 2TB) NTFS

\\?\Volume{65a0ed77-80f7-45f3-b738-502983e78c35}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.46 GB) NTFS
\\?\Volume{a06396d4-135d-4615-a166-2d7a28f83397}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BF8DF24A)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt =======================


cosinus 15.05.2025 22:22

Quote:

AV: Avira Security (Enabled - Up to date) {61D2ED93-F75C-BA0D-4274-43D53B8C0EEE}
AV: Norton 360 (Disabled - Out of date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
That won't work like this.
Avira or Norton on its own is already nonsense. Uninstall both, then post new logs.


Quote:

Two were deleted, one could not be removed. Unfortunately I can no longer see any log files.
Unfortunately that is worthless information; it does not show what exactly was found and where exactly.

Bernd Brot 16.05.2025 17:26

Here you go:
Code:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 16-05-2025
durchgeführt von emqi- (Administrator) auf EMQI-LIVINGPICS (Micro-Star International Co., Ltd. MS-7E26) (16-05-2025 11:23:01)
Gestartet von C:\Users\emqi-\Downloads\FRST64.exe
Geladene Profile: emqi-
Plattform: Microsoft Windows 11 Pro Version 24H2 26100.4061 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\js\node_modules\adobe-cr\build\Release\Adobe Crash Processor.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <4>
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe ->) (WacomCenterUI) [Datei ist nicht signiert] C:\Program Files\Tablet\Wacom\WacomCenter\WacomCenterUI.exe
(C:\Program Files\Tablet\Wacom\WacomHost.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_UpdateUtil.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co., Ltd.) C:\Program Files\Tablet\Wacom\WacomHost.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.10401.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe <7>
(C:\Users\emqi-\Downloads\FRST-OlderVersion\FRST64.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2503.16.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <3>
(cmd.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(DriverStore\FileRepository\u0410212.inf_amd64_daae2c8b5eb35aaa\B409877\atiesrxx.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0410212.inf_amd64_daae2c8b5eb35aaa\B409877\atieclxx.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <13>
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe <5>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <16>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\amdppkg.inf_amd64_7bf038ca4e246b90\AmdPpkgSvc.exe
(services.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0410212.inf_amd64_daae2c8b5eb35aaa\B409877\atiesrxx.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_05bfde18331c4d58\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe
(services.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25032.52.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_6.0.0.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.9.1.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.10401.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [133128 2025-03-24] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1145256 2025-04-15] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-76596380-2333717119-1847427047-1003\...\Run: [MicrosoftEdgeAutoLaunch_3753AF0C68244FA81F8581C5B5045ECE] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4045880 2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy-Firefox: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {65C83666-9940-4560-8B3D-B6132FCFFCEF} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1035472 2024-11-28] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {65641C37-41B7-4D1F-B470-87FA608FF700} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [191184 2024-11-27] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {85B83905-898B-4973-9EEC-230FDAB20760} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\emqi-\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15205744 2025-03-24] (ESET, spol. s r.o. -> ESET)
Task: {92A6E3F6-ADA2-464D-A8E3-E0E8FC353AF0} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\emqi-\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15205744 2025-03-24] (ESET, spol. s r.o. -> ESET)
Task: {C2B0E3F9-2A9A-46D6-8500-9F4F81B1C0E8} - System32\Tasks\Launch Adobe CCXProcess => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [194048 2025-04-14] (Adobe Inc. -> Adobe Inc.)
Task: {9907CA05-5F39-4047-8255-D1F3763F6975} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {5201D26D-040E-48BA-A02F-6A27F838E3B5} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {63A6A830-237D-4D8C-947E-43BFCC2DBD98} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102352 2025-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {0CB3F895-FFEF-462C-A019-77DC140A20DB} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [68392 2025-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {8FC9062A-83D4-4E9A-9496-944E1E3C4816} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102352 2025-05-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {9A525066-2543-40CF-8C50-68822679C2F4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {511C3F4D-57AD-4C16-A922-B04DC2F38364} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307384 2025-05-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {948813CB-2586-4707-A292-1C26C122F801} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [213216 2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (Keine Datei)
Task: {EC321559-8DD9-4834-A5B5-A3D5F0458A38} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E6CDDE9C-EA8C-4E56-ACDE-9115C966289E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2F4BA091-46F6-46A4-8D86-8DBC074BC574} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1619788B-F44C-4E6A-BF35-892A8EAB0E07} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D80CDC39-C24E-4ECF-9FC7-F0713D013101} - System32\Tasks\Microsoft\Windows\WindowsAI\Recall\InitialConfiguration => {709FD5EF-7296-4154-BD3A-E9830FCFA60A} C:\Windows\system32\ShellConfigTask.dll [274432 2025-05-14] (Microsoft Windows -> Microsoft Corporation)
Task: {DD2C0B0E-B6F5-4735-B579-0B0FD439A698} - System32\Tasks\Microsoft\Windows\WindowsAI\Recall\PolicyConfiguration => {0BE6820D-B667-4CB6-931B-C153A77DA895} C:\Windows\system32\ShellConfigTask.dll [274432 2025-05-14] (Microsoft Windows -> Microsoft Corporation)
Task: {352CA8DA-CAB1-4639-BE57-72BE012BC051} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1035472 2024-11-28] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {703B758E-B8B5-4209-809C-1FDFC66DABC1} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-76596380-2333717119-1847427047-1003 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-05-14] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).
Task: {F09DEF76-FAA8-4679-817E-49DDDCE11E27} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-05-14] (Mozilla Corporation -> Mozilla Foundation)
Task: {FF61CB78-91BB-420F-94A2-92CB9B61CBB9} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [139472 2024-11-27] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {0452EA46-B53C-4219-AB38-A7E0AA457AA1} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [309968 2024-11-27] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5df49ee4-f519-4dbb-b479-5f501a7a713a}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5df49ee4-f519-4dbb-b479-5f501a7a713a}: [DhcpDomain] speedport.ip
Tcpip\..\Interfaces\{bd7741e0-00cc-4ee1-bb39-2d5b8377a7d5}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{bd7741e0-00cc-4ee1-bb39-2d5b8377a7d5}: [DhcpDomain] speedport.ip

Edge:
=======
Edge Profile: C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default [2025-05-16]
Edge HomePage: Default -> hxxp://www.msn.com/?pc=NMTE
Edge Extension: (Avira Password Manager) - C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle [2025-05-14]
Edge Extension: (Google Docs Offline) - C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-27]
Edge Extension: (Edge relevant text changes) - C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-03-24]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]

FireFox:
========
FF DefaultProfile: gtxv1m88.default
FF ProfilePath: C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\gtxv1m88.default [2025-03-24]
FF ProfilePath: C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release [2025-05-16]
FF Notifications: Mozilla\Firefox\Profiles\0z7ao6fm.default-release -> hxxps://www.youtube.com; hxxps://www.instagram.com; hxxps://www.reutlingen.de; hxxps://www.schwarzwaelder-bote.de; hxxps://www.pinterest.de; hxxps://www.crowdcast.io; hxxps://www.jinbei-deutschland.de; hxxps://www.facebook.com
FF Extension: (Activist – Balanced) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\activist-balanced-colorway@mozilla.org.xpi [2023-03-17]
FF Extension: (HTTPS Everywhere) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\https-everywhere@eff.org.xpi [2021-07-14]
FF Extension: (uBlock Origin) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\uBlock0@raymondhill.net.xpi [2025-03-22]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-10-11]
FF Extension: (Mobile View Switcher) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\{fa247c57-77ac-41cd-b942-332051e15ced}.xpi [2022-07-30]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2025-04-15] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2025-04-15] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944040 2025-04-15] (Adobe Inc. -> Adobe Inc.)
R2 AmdPpkgSvc; C:\Windows\System32\DriverStore\FileRepository\amdppkg.inf_amd64_7bf038ca4e246b90\AmdPpkgSvc.exe [525608 2024-10-06] (Advanced Micro Devices -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13824240 2025-05-02] (Microsoft Corporation -> Microsoft Corporation)
S3 CorsairDeviceControlService; C:\Program Files\Corsair\Corsair Device Control Service\bin\CorsairDeviceControlService.exe [2430504 2024-10-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9406208 2025-05-04] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-03-28] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe [2009608 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559320 2025-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe [4538400 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe [278320 2025-04-10] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ZTHELPER; C:\Windows\System32\zthelper.dll [146096 2025-05-14] (Microsoft Windows -> Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 amdfendrmgr; C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_05bfde18331c4d58\amdfendrmgr.sys [36016 2024-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [33592 2024-09-12] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_d4de13a10f2586d0\amdsafd.sys [112952 2024-06-15] (AMD Test Build -> Advanced Micro Devices)
R3 amduw23g; C:\Windows\System32\DriverStore\FileRepository\u0410212.inf_amd64_daae2c8b5eb35aaa\B409877\amdkmdag.sys [110965144 2024-12-04] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [63008 2024-05-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [200704 2024-10-29] (Microsoft Corporation) [Datei ist nicht signiert]
R2 CorsairLLAccess8F050F5E415C1A5882EB9FF7CE2BC59B7BE3A953; C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairLLAccess64.sys [23616 2025-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 KslD; C:\Windows\System32\drivers\wd\KslD.sys [331168 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [234072 2025-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [22120 2025-03-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239568 2025-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MTKBTFilterx64; C:\Windows\System32\drivers\mtkbtfilterx.sys [345056 2022-06-26] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R3 mtkwlex; C:\Windows\System32\drivers\mtkwl6ex.sys [1587680 2022-06-26] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
S3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_feec7a9662e785f0\rtcx21x64.sys [539648 2024-03-28] (Microsoft Windows -> Realtek)
S3 ThermalFilter; C:\Windows\System32\DriverStore\FileRepository\c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-04-09] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [20016 2025-04-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [605576 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [100744 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
S3 wini3ctarget; C:\Windows\System32\DriverStore\FileRepository\wini3ctarget.inf_amd64_8d863c975b4367df\wini3ctarget.sys [79288 2025-05-14] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz158; \??\C:\Windows\temp\cpuz158\cpuz158_x64.sys [X] <==== ACHTUNG
S3 SIUSBXP; \??\C:\Windows\system32\drivers\SiUSBXp.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2025-05-16 11:22 - 2025-05-16 11:22 - 000000000 ____D C:\Users\emqi-\Downloads\FRST-OlderVersion
2025-05-16 10:46 - 2025-05-16 10:46 - 000036023 _____ C:\Users\emqi-\Downloads\FRST alt 16.5.2025..txt
2025-05-16 10:46 - 2025-05-16 10:46 - 000027961 _____ C:\Users\emqi-\Downloads\Addition alt 16.5.2025.txt
2025-05-16 10:23 - 2025-05-16 10:23 - 000707760 _____ C:\Windows\system32\perfh007.dat
2025-05-16 10:23 - 2025-05-16 10:23 - 000150734 _____ C:\Windows\system32\perfc007.dat
2025-05-16 09:53 - 2025-05-16 09:53 - 000000000 ____D C:\Windows\system32\Tasks\Avira
2025-05-15 19:31 - 2025-05-16 10:16 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2025-05-15 17:30 - 2025-05-16 10:26 - 000027958 _____ C:\Users\emqi-\Downloads\Addition.txt
2025-05-15 17:29 - 2025-05-16 11:23 - 000025515 _____ C:\Users\emqi-\Downloads\FRST.txt
2025-05-15 17:28 - 2025-05-16 11:23 - 000000000 ____D C:\FRST
2025-05-15 17:27 - 2025-05-16 11:22 - 002405888 _____ (Farbar) C:\Users\emqi-\Downloads\FRST64.exe
2025-05-14 23:40 - 2025-05-16 09:53 - 000992144 _____ C:\Windows\system32\rtp.db
2025-05-14 23:40 - 2025-05-14 23:40 - 000000000 ____D C:\Windows\SysWOW64\statReporter
2025-05-14 23:40 - 2025-05-14 23:40 - 000000000 ____D C:\Users\Public\Security Sessions
2025-05-14 23:40 - 2025-05-14 23:40 - 000000000 ____D C:\Users\emqi-\AppData\Local\AviraWebView2Cache
2025-05-14 23:39 - 2025-05-16 10:00 - 000000000 ____D C:\ProgramData\Avira
2025-05-14 23:39 - 2025-05-14 23:40 - 000000000 ____D C:\Users\emqi-\AppData\Local\Avira
2025-05-14 23:37 - 2025-05-14 23:38 - 006843728 _____ (Avira Operations GmbH) C:\Users\emqi-\Downloads\avira_de_sptl1_0bdd1ff358e0d358__pavwws-spotlight-release.exe
2025-05-14 23:00 - 2025-05-15 18:44 - 000000000 ____D C:\Windows\CbsTemp
2025-05-14 16:03 - 2025-05-14 16:03 - 000030998 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-05-14 16:03 - 2025-05-14 16:03 - 000030998 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2025-05-14 15:41 - 2025-05-15 06:27 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-05-09 07:55 - 2025-05-09 07:55 - 000001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2025.lnk
2025-05-09 07:45 - 2025-05-09 07:45 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic.lnk
2025-05-04 15:25 - 2025-05-04 15:25 - 000003858 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2025-05-04 15:25 - 2025-05-04 15:25 - 000003416 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2025-05-02 21:52 - 2025-05-08 16:56 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2025-04-24 18:56 - 2025-04-24 18:56 - 001773972 _____ C:\Users\emqi-\Downloads\Plakate_Brunnen_-_Kirchbrunnen-web_6.pdf
2025-04-22 00:25 - 2025-04-22 00:25 - 000223662 _____ C:\Users\emqi-\Downloads\Hausordnung (2)-1.pdf
2025-04-21 16:33 - 2025-04-21 16:33 - 000223662 _____ C:\Users\emqi-\Downloads\Hausordnung (2).pdf

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2025-05-16 11:23 - 2025-03-24 22:03 - 000000000 ____D C:\Users\emqi-\AppData\Roaming\WTablet
2025-05-16 11:22 - 2025-03-28 23:49 - 000000000 ____D C:\Users\emqi-\AppData\Local\Malwarebytes
2025-05-16 11:19 - 2025-03-25 00:10 - 000003582 _____ C:\Windows\system32\Tasks\Launch Adobe CCXProcess
2025-05-16 11:18 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-05-16 11:18 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\AppReadiness
2025-05-16 11:18 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-05-16 11:13 - 2025-03-25 00:44 - 000001385 _____ C:\Users\emqi-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2025-05-16 10:39 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemTemp
2025-05-16 10:23 - 2024-10-29 15:10 - 001637736 _____ C:\Windows\system32\PerfStringBackup.INI
2025-05-16 10:23 - 2024-04-01 09:24 - 000000000 ____D C:\Windows\INF
2025-05-16 10:22 - 2025-03-24 22:08 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-05-16 10:18 - 2025-03-25 00:45 - 000001279 _____ C:\Users\emqi-\Desktop\ESET Online Scanner.lnk
2025-05-16 10:18 - 2024-10-29 15:06 - 000009490 _____ C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-05-16 10:17 - 2025-02-17 15:17 - 000003118 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2025-05-16 10:17 - 2024-10-29 15:38 - 000000000 ____D C:\ProgramData\Norton
2025-05-16 10:17 - 2024-10-29 15:06 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2025-05-16 10:17 - 2024-10-29 15:04 - 000012288 ___SH C:\DumpStack.log.tmp
2025-05-16 10:17 - 2024-10-29 15:04 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-05-16 10:16 - 2025-03-24 18:49 - 000000000 ____D C:\Users\emqi-\AppData\Local\Packages
2025-05-16 10:16 - 2024-10-29 15:06 - 000000000 ____D C:\ProgramData\Packages
2025-05-16 10:16 - 2024-04-01 09:26 - 000000000 ___HD C:\Windows\ELAMBKUP
2025-05-16 10:16 - 2024-04-01 09:21 - 000524288 _____ C:\Windows\system32\config\BBI
2025-05-16 10:16 - 2024-04-01 09:21 - 000032768 _____ C:\Windows\system32\config\ELAM
2025-05-16 10:05 - 2025-03-27 15:20 - 000000000 ____D C:\Users\emqi-\AppData\Local\Norton
2025-05-16 09:44 - 2024-10-29 15:04 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-05-15 21:54 - 2024-10-29 15:11 - 000000000 ____D C:\Windows\system32\MRT
2025-05-15 17:43 - 2025-03-24 18:49 - 000000000 ____D C:\Users\emqi-\AppData\Local\AMD
2025-05-15 06:28 - 2024-10-29 15:04 - 000475880 _____ C:\Windows\system32\FNTCACHE.DAT
2025-05-15 06:27 - 2025-03-24 22:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-05-15 06:27 - 2024-04-01 10:03 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2025-05-15 06:27 - 2024-04-01 10:03 - 000000000 ____D C:\Windows\InboxApps
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\UUS
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\setup
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\oobe
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\Dism
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemResources
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemApps
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\WinMetadata
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\ShellExperiences
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\setup
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\oobe
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\migwiz
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\Dism
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\DDFs
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\appraiser
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\ShellExperiences
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\Provisioning
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\PolicyDefinitions
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\bcastdvr
2025-05-14 22:24 - 2025-03-24 18:52 - 000000000 ____D C:\Users\emqi-\AppData\Roaming\Microsoft\Excel
2025-05-14 20:16 - 2024-10-29 15:11 - 214836568 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-05-14 19:55 - 2025-03-24 22:08 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-05-14 16:03 - 2024-10-29 15:07 - 003369984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2025-05-12 16:45 - 2024-10-29 15:06 - 000000000 ____D C:\Program Files\Microsoft Office
2025-05-11 15:25 - 2025-03-24 18:49 - 000000000 ____D C:\Users\emqi-\AppData\Local\D3DSCache
2025-05-10 08:11 - 2024-10-29 15:04 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-05-10 08:11 - 2024-10-29 15:04 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-05-10 08:10 - 2025-03-24 23:50 - 000000000 ____D C:\Users\emqi-\AppData\Local\CrashDumps
2025-05-09 07:55 - 2025-03-24 23:38 - 000000000 ____D C:\Program Files\Common Files\Adobe
2025-05-09 07:49 - 2025-03-24 23:39 - 000000000 ____D C:\ProgramData\Adobe
2025-05-09 07:45 - 2025-03-24 23:38 - 000000000 ____D C:\Program Files\Adobe
2025-05-09 07:45 - 2025-03-24 18:57 - 000000000 ____D C:\Users\emqi-\AppData\Local\AMD_Common
2025-05-08 22:42 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\AppLocker
2025-05-08 17:00 - 2024-10-29 15:04 - 000003832 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{323B8279-7486-43E6-B26C-D4E2B6221AA6}
2025-05-08 17:00 - 2024-10-29 15:04 - 000003708 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{0314DEF4-2C78-42E3-98D2-7EF5DB5F46A6}
2025-05-03 11:57 - 2025-03-24 22:45 - 000001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2025-05-02 07:13 - 2025-03-29 11:29 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-04-29 12:57 - 2025-03-24 18:51 - 000000000 ___RD C:\Users\emqi-\OneDrive
2025-04-25 13:54 - 2025-03-24 23:36 - 000000000 ____D C:\Users\emqi-\AppData\Roaming\com.adobe.dunamis
2025-04-18 11:24 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\SecurityHealth

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Code:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 16-05-2025
durchgeführt von emqi- (16-05-2025 11:23:42)
Gestartet von C:\Users\emqi-\Downloads
Microsoft Windows 11 Pro Version 24H2 26100.4061 (X64) (2025-03-24 16:22:05)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-76596380-2333717119-1847427047-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-76596380-2333717119-1847427047-503 - Limited - Disabled)
emqi- (S-1-5-21-76596380-2333717119-1847427047-1003 - Administrator - Enabled) => C:\Users\emqi-
Gast (S-1-5-21-76596380-2333717119-1847427047-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-76596380-2333717119-1847427047-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 (Disabled - Out of date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
FW: Norton 360 (Disabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.6.0.611 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_14_3_1) (Version: 14.3.1 - Adobe Inc.)
Adobe Photoshop 2025 (HKLM-x32\...\PHSP_26_6_1) (Version: 26.6.1.7 - Adobe Inc.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 6.10.17.152 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.133 - Advanced Micro Devices, Inc.) Hidden
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.90 - Advanced Micro Devices, Inc.) Hidden
AMD PPM Provisioning File Driver (HKLM-x32\...\{3665A5DE-D07C-46D7-9207-713E8E9FEF32}) (Version: 8.0.0.33 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.30.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.44 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 24.12.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{d1b7ab36-91d4-42d5-b3d3-e2827144f4d7}) (Version: 6.10.17.152 - Advanced Micro Devices, Inc.) Hidden
Avira Fallback Updater (HKLM-x32\...\Avira Fallback Updater) (Version:  - ) Hidden
Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden
Corsair Device Control Service (HKLM\...\{3761F1BA-5697-4562-B677-E3CE0F944679}) (Version: 1.3.1 - Corsair)
Corsair iCUE5 Software (HKLM\...\{A9B0B2D7-8C59-4413-A2FB-99EDBE65A608}) (Version: 5.24.57 - Corsair)
Malwarebytes version 5.2.11.183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.11.183 - Malwarebytes)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.18730.20142 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 136.0.3240.64 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 136.0.3240.64 - Microsoft Corporation) Hidden
Microsoft Office Home 2024 - de-de (HKLM\...\Home2024Retail - de-de) (Version: 16.0.18730.20142 - Microsoft Corporation)
Microsoft OneNote - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.18730.20142 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32\...\{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32\...\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32\...\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 138.0.3 (x64 de)) (Version: 138.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 136.0.1 - Mozilla)
Mozilla Thunderbird (x64 de) (HKLM\...\Mozilla Thunderbird 138.0 (x64 de)) (Version: 138.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18730.20142 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.3.0 - Advanced Micro Devices, Inc.) Hidden
RyzenMasterSDK (HKLM\...\{8550DA97-C688-45A2-B080-36B97D867DBC}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
UXP WebView Support (HKLM-x32\...\UXPW_1_3_0) (Version: 1.3.0 - Adobe Inc.)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.4.9-2 - Wacom Technology Corp.)

Packages:
=========
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3775.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\Windows\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-15] (Microsoft Windows)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_6.0.0.1_x86__enpm4xejd91yc [2025-03-24] (Adobe Systems Incorporated)
AMD Radeon Software -> C:\Program Files\AMD\CNext\CNext [2025-03-24] (Advanced Micro Devices Inc.)
Ink.Handwriting.de-DE.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.de-DE.1.0_0.850.1840.0_x64__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Ink.Handwriting.de-DE.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.de-DE.1.0_0.850.1840.0_x86__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Ink.Handwriting.Main.de-DE.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.de-DE.1.0_0.850.1840.0_x64__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.23355.1356.0_x64__8wekyb3d8bbwe [2024-10-29] (Microsoft Corporation)
Klick-und-Los (Vorschau) -> C:\Windows\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-05-15] (Microsoft Windows)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2412.12002.0_x64__8wekyb3d8bbwe [2025-03-24] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2025-03-26] (Microsoft Corp.)
Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.9.1.0_x64__8wekyb3d8bbwe [2025-05-09] (Microsoft Corporation)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-05-12] ()
Windows Feature Experience Pack -> C:\Windows\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-15] (Microsoft Windows)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-76596380-2333717119-1847427047-1003_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-76596380-2333717119-1847427047-1003_Classes\CLSID\{3978C7B3-066A-45B3-9361-2F73A45C1449}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-76596380-2333717119-1847427047-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [  AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [  AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [  AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-03-28] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-03-28] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2025-03-24 21:59 - 2025-02-06 03:14 - 004311040 _____ () [Datei ist nicht signiert] C:\Program Files\Tablet\Wacom\LicenseManager.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 002655744 _____ () [Datei ist nicht signiert] C:\Program Files\Tablet\Wacom\WacomCenter\libxml2.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 007785984 _____ () [Datei ist nicht signiert] C:\Program Files\Tablet\Wacom\WacomCenter\WacomCenterLibrary.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 001418752 _____ (Microsoft.Graphics.Canvas.Interop) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\Tablet\Wacom\WacomCenter\Microsoft.Graphics.Canvas.Interop.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 002357248 _____ (WacomCenterUI) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\Tablet\Wacom\WacomCenter\WacomCenterUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) =============

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-08] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2024-04-01 09:26 - 2024-04-01 09:24 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-76596380-2333717119-1847427047-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\emqi-\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\1934621923452568658\133914532419826283.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 ist aktiviert.

Network Binding:
=============
Ethernet: Realtek Gaming 2.5GbE Family Controller -> rt640x64.sys
WLAN: RZ616 Wi-Fi 6E 160MHz -> mtkwl6ex.sys
Bluetooth-Netzwerkverbindung: Bluetooth Device (Personal Area Network) -> bthpan.sys

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{A1261539-259B-4C77-8CBA-DFB4B86C83AD}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25044.2208.3471.2155_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3D88B2AF-4387-48D4-94BE-5888A1869085}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25044.2208.3471.2155_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{857D992C-BF14-4306-9F32-D4490E936433}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3FA1A680-57A1-4907-A3F6-05020263F4F4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP] => (Allow) C:\Windows\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-V2] => (Allow) C:\Windows\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-NoScope] => (Allow) C:\Windows\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{CC35BF3D-3774-4C64-BE1E-01B141841AF8}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{E64F8643-F191-4F8E-8925-6E272AE7885C}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{58C2E115-B60A-498C-A6C2-2C3EF5C24404}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4C80DB8B-1096-4CD4-AAC2-58E194139D2E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.50\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BE4CB71C-9CAD-4066-985B-5CA7301CB14E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.64\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Wiederherstellungspunkte =========================


==================== Fehlerhafte Geräte im Gerätemanager ============

==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (05/16/2025 10:25:36 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv; Beschreibung = Windows Update; Fehler = 0x80070422).

Error: (05/16/2025 10:25:32 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv; Beschreibung = Windows Update; Fehler = 0x80070422).

Error: (05/16/2025 10:25:30 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv; Beschreibung = Windows Update; Fehler = 0x80070422).

Error: (05/16/2025 10:17:20 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\EMQI-LIVINGPICS$ über https://AMD-KeyId-bc8eac10844f5c7ebfe8bac2ceb50e8cdf34ef88.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps

Methode: GET(16ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (05/16/2025 10:15:11 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\EMQI-LIVINGPICS$ über https://AMD-KeyId-bc8eac10844f5c7ebfe8bac2ceb50e8cdf34ef88.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps

Methode: GET(15ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (05/16/2025 09:47:14 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\Windows\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126).

Error: (05/15/2025 04:24:23 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\EMQI-LIVINGPICS$ über https://AMD-KeyId-bc8eac10844f5c7ebfe8bac2ceb50e8cdf34ef88.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps

Methode: GET(47ms)
Phase: GetCACaps
Der Servername oder die Serveradresse konnte nicht verarbeitet werden. 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (05/15/2025 06:29:47 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.26100.4060_none_a55287a7772b57c2\TiWorker.exe -Embedding; Beschreibung = Windows Modules Installer; Fehler = 0x80070422).


Systemfehler:
=============
Error: (05/16/2025 10:25:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9NMPJ99VJBWV-Microsoft.YourPhone

Error: (05/16/2025 10:16:36 AM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: NT-AUTORITÄT)
Description: Der Gerätezuordnungsdienst hat einen Fehler bei der Endpunktermittlung erkannt.

Error: (05/16/2025 10:16:36 AM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: NT-AUTORITÄT)
Description: Der Gerätezuordnungsdienst hat einen Fehler bei der Endpunktermittlung erkannt.

Error: (05/16/2025 10:14:18 AM) (Source: DCOM) (EventID: 10010) (User: EMQI-LIVINGPICS)
Description: Der Server "{740FE937-01F7-4482-AA62-C83F0AD3D6D0}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/16/2025 09:46:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Avira Security Updater" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (05/16/2025 09:46:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Security Updater erreicht.

Error: (05/16/2025 09:44:07 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎15.‎05.‎2025 um 21:43:59 unerwartet heruntergefahren.

Error: (05/16/2025 09:43:38 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 3221225684A fatal error occurred processing the restoration data.


Windows Defender:
================
Date: 2025-05-14 23:26:06
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2025-05-12 17:41:30
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-05-11 15:47:58
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-05-10 19:39:02
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2025-05-04 14:40:56
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]

Date: 2025-05-16 10:43:10
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x80070032
Error description: Die Anforderung wird nicht unterstützt. 

Date: 2025-05-16 10:43:02
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x80070032
Error description: Die Anforderung wird nicht unterstützt. 

Date: 2025-05-14 22:56:22
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x80070032
Error description: Die Anforderung wird nicht unterstützt. 

Date: 2025-05-14 22:55:33
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x80070032
Error description: Die Anforderung wird nicht unterstützt. 

Date: 2025-05-14 22:48:37
Description:
Microsoft Defender Antivirus has encountered an error trying to download and configure Microsoft Defender Antivirus (offline scan).
Error code: 0x80070032
Error description: Die Anforderung wird nicht unterstützt. 

CodeIntegrity:
===============
Date: 2025-05-16 10:15:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.24.8.36\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2025-05-16 10:15:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.24.8.36\symamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

BIOS: American Megatrends International, LLC. 1.I0 12/27/2024
Hauptplatine: Micro-Star International Co., Ltd. PRO B650-S WIFI (MS-7E26)
Prozessor: AMD Ryzen 5 7500F 6-Core Processor
Prozentuale Nutzung des RAM: 44%
Installierter physikalischer RAM: 32361.99 MB
Verfügbarer physikalischer RAM: 17806.88 MB
Summe virtueller Speicher: 35049.99 MB
Verfügbarer virtueller Speicher: 14748.7 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:930.52 GB) (Free:774.38 GB) (Model: KINGSTON SNV2S1000G) NTFS
Drive d: (Volume) (Fixed) (Total:1863 GB) (Free:623.91 GB) (Model: WD_BLACK SN770 2TB) NTFS
Drive g: () (Removable) (Total:29.85 GB) (Free:12.12 GB) FAT32

\\?\Volume{65a0ed77-80f7-45f3-b738-502983e78c35}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.46 GB) NTFS
\\?\Volume{a06396d4-135d-4615-a166-2d7a28f83397}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BF8DF24A)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 3 (Protective MBR) (Size: 29.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt =======================

I'd appreciate a tip on how I can get at the ESET log files. I don't see any way to do so online (maybe that's because of the free version?). Nothing has been placed in quarantine either.

Would the dubious Facebook link be helpful?

I won't be reachable at the PC from 19 to 22 May 2025.
Please don't close the thread.
Thanks.

M-K-D-B 16.05.2025 20:03

Hi,

I'm taking over from cosinus from here.

Quote:

I'd appreciate a tip on how I can get at the ESET log files. I don't see any way to do so online (maybe that's because of the free version?). Nothing has been placed in quarantine either.
I rather doubt that we will still get the log file from EOS.
By default, no log file is saved. At the end of the scan you can tick a checkbox to save the log file, as described here.

Look for TXT or LOG files in this directory:
C:\Users\emqi-\AppData\Local\ESET\

Quote:

Would the dubious Facebook link be helpful?
I haven't received a link and don't know what you're talking about. ;)

Bernd Brot 17.05.2025 12:23

Hi,
yes, I couldn't find the files anywhere.
How can we proceed now?

Attached is the supposed Facebook message with the fateful link.

No idea whether that is helpful?

I currently have the problem that I don't know how to upload the file (png).

This message always appears: PHP User Warning: is_dir(): open_basedir restriction in effect. File(/) is not within the allowed path(s): (/var/www/vhosts/trojaner-board.de/:/tmp/) in ..../includes/functions_file.php on line 60

cosinus 17.05.2025 12:50

You can use the image host https://de.imgbb.com.

Bernd Brot 17.05.2025 14:03

Here is the file now

https://ibb.co/WvRgWsP5

M-K-D-B 17.05.2025 14:20

Hi,

Quote:

Quote from Bernd Brot (post 1790879)
Attached is the supposed Facebook message with the fateful link.

No idea whether that is helpful?

Yes, it looks like a fake message.

But the message alone doesn't tell us which malware was on your system. And since ESET didn't log anything, we're in the dark on that point.

Quote:

Quote from Bernd Brot (post 1790879)
How can we proceed now?

We can check your computer with further tools or carry out repairs with FRST, if you wish.

Bernd Brot 17.05.2025 14:31

Yes, please.

M-K-D-B 17.05.2025 14:43

We'll start with a repair using FRST.
This can take a few minutes; the system files are also checked and repaired if necessary.

Repair with FRST
NOTE TO ALL READERS:
This FRST script is intended exclusively for this user and should never be used 1:1 on another system!
  • Save your work and close all open programs so that no data is lost.
  • Select the entire contents of the following code box with the mouse and copy it (press the "CTRL" + "C" keys together):
    Code:

    Start::
    CreateRestorePoint:
    CloseProcesses:
    Avira Fallback Updater (HKLM-x32\...\Avira Fallback Updater) (Version:  - ) Hidden
    AV: Norton 360 (Disabled - Out of date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
    FW: Norton 360 (Disabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
    ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei
    ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei
    C:\Program Files (x86)\Avira
    Toolbar: HKLM-x32 - Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
    GroupPolicy-Firefox: Beschränkung <==== ACHTUNG
    C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle
    Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
    FF Notifications: Mozilla\Firefox\Profiles\0z7ao6fm.default-release -> hxxps://www.youtube.com; hxxps://www.instagram.com; hxxps://www.reutlingen.de; hxxps://www.schwarzwaelder-bote.de; hxxps://www.pinterest.de; hxxps://www.crowdcast.io; hxxps://www.jinbei-deutschland.de; hxxps://www.facebook.com
    S3 cpuz158; \??\C:\Windows\temp\cpuz158\cpuz158_x64.sys [X] <==== ACHTUNG
    S3 SIUSBXP; \??\C:\Windows\system32\drivers\SiUSBXp.sys [X]
    2025-05-16 09:53 - 2025-05-16 09:53 - 000000000 ____D C:\Windows\system32\Tasks\Avira
    2025-05-14 23:40 - 2025-05-16 09:53 - 000992144 _____ C:\Windows\system32\rtp.db
    2025-05-14 23:40 - 2025-05-14 23:40 - 000000000 ____D C:\Windows\SysWOW64\statReporter
    2025-05-14 23:40 - 2025-05-14 23:40 - 000000000 ____D C:\Users\Public\Security Sessions
    2025-05-14 23:40 - 2025-05-14 23:40 - 000000000 ____D C:\Users\emqi-\AppData\Local\AviraWebView2Cache
    2025-05-14 23:39 - 2025-05-16 10:00 - 000000000 ____D C:\ProgramData\Avira
    2025-05-14 23:39 - 2025-05-14 23:40 - 000000000 ____D C:\Users\emqi-\AppData\Local\Avira
    2025-05-14 23:37 - 2025-05-14 23:38 - 006843728 _____ (Avira Operations GmbH) C:\Users\emqi-\Downloads\avira_de_sptl1_0bdd1ff358e0d358__pavwws-spotlight-release.exe
    2025-05-16 10:17 - 2024-10-29 15:38 - 000000000 ____D C:\ProgramData\Norton
    CMD: cscript /nologo %systemroot%\System32\slmgr.vbs /dlv
    CMD: netsh winsock reset
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: netsh winhttp reset proxy
    CMD: Bitsadmin /Reset /Allusers
    CMD: Winmgmt /salvagerepository
    CMD: Winmgmt /verifyrepository
    CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
    CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
    CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
    CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
    CMD: sfc /scannow
    Hosts:
    RemoveProxy:
    EmptyTemp:
    End::

  • Now start FRST and click the Fix ("Reparieren") button straight away.
    Important: You don't need to paste the contents of the code box anywhere, because FRST takes the code from the clipboard!
  • The tool carries out the requested steps and creates the file fixlog.txt in the same directory where FRST is located.
  • Finally, the system is restarted.
  • Post the contents of the file fixlog.txt with your next reply.

Bernd Brot 17.05.2025 15:37

Code:

Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 17-05-2025
durchgeführt von emqi- (17-05-2025 16:28:03) Run:1
Gestartet von C:\Users\emqi-\Downloads
Geladene Profile: emqi-
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
Avira Fallback Updater (HKLM-x32\...\Avira Fallback Updater) (Version:  - ) Hidden
AV: Norton 360 (Disabled - Out of date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
FW: Norton 360 (Disabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei
C:\Program Files (x86)\Avira
Toolbar: HKLM-x32 - Kein Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Keine Datei
GroupPolicy-Firefox: Beschränkung <==== ACHTUNG
C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
FF Notifications: Mozilla\Firefox\Profiles\0z7ao6fm.default-release -> hxxps://www.youtube.com; hxxps://www.instagram.com; hxxps://www.reutlingen.de; hxxps://www.schwarzwaelder-bote.de; hxxps://www.pinterest.de; hxxps://www.crowdcast.io; hxxps://www.jinbei-deutschland.de; hxxps://www.facebook.com
S3 cpuz158; \??\C:\Windows\temp\cpuz158\cpuz158_x64.sys [X] <==== ACHTUNG
S3 SIUSBXP; \??\C:\Windows\system32\drivers\SiUSBXp.sys [X]
2025-05-16 09:53 - 2025-05-16 09:53 - 000000000 ____D C:\Windows\system32\Tasks\Avira
2025-05-14 23:40 - 2025-05-16 09:53 - 000992144 _____ C:\Windows\system32\rtp.db
2025-05-14 23:40 - 2025-05-14 23:40 - 000000000 ____D C:\Windows\SysWOW64\statReporter
2025-05-14 23:40 - 2025-05-14 23:40 - 000000000 ____D C:\Users\Public\Security Sessions
2025-05-14 23:40 - 2025-05-14 23:40 - 000000000 ____D C:\Users\emqi-\AppData\Local\AviraWebView2Cache
2025-05-14 23:39 - 2025-05-16 10:00 - 000000000 ____D C:\ProgramData\Avira
2025-05-14 23:39 - 2025-05-14 23:40 - 000000000 ____D C:\Users\emqi-\AppData\Local\Avira
2025-05-14 23:37 - 2025-05-14 23:38 - 006843728 _____ (Avira Operations GmbH) C:\Users\emqi-\Downloads\avira_de_sptl1_0bdd1ff358e0d358__pavwws-spotlight-release.exe
2025-05-16 10:17 - 2024-10-29 15:38 - 000000000 ____D C:\ProgramData\Norton
CMD: cscript /nologo %systemroot%\System32\slmgr.vbs /dlv
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winhttp reset proxy
CMD: Bitsadmin /Reset /Allusers
CMD: Winmgmt /salvagerepository
CMD: Winmgmt /verifyrepository
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: sfc /scannow
Hosts:
RemoveProxy:
EmptyTemp:
End::
*****************

Wiederherstellungspunkt wurde erfolgreich erstellt.
Prozesse erfolgreich geschlossen.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira Fallback Updater\\SystemComponent" => erfolgreich entfernt
"AV: Norton 360 (Disabled - Out of date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}" => erfolgreich entfernt
"FW: Norton 360 (Disabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}" => erfolgreich entfernt
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\ContextMenu => erfolgreich entfernt
HKLM\Software\Classes\CLSID\{ee10d625-cc60-30a4-b3df-4b349785be6b} => erfolgreich entfernt
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\ContextMenu => erfolgreich entfernt
"C:\Program Files (x86)\Avira" => nicht gefunden
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => erfolgreich entfernt
C:\Program Files\Mozilla Firefox\distribution\policies.json => erfolgreich verschoben

"C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle" Ordner verschieben:

C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle => erfolgreich verschoben
HKLM\SOFTWARE\Wow6432Node\Microsoft\Edge\Extensions\emgfgdclgfeldebanedpihppahgngnle => erfolgreich entfernt
"FF Notifications:" => erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\cpuz158 => erfolgreich entfernt
cpuz158 => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\SIUSBXP => erfolgreich entfernt
SIUSBXP => Dienst erfolgreich entfernt

"C:\Windows\system32\Tasks\Avira" Ordner verschieben:

C:\Windows\system32\Tasks\Avira => erfolgreich verschoben
C:\Windows\system32\rtp.db => erfolgreich verschoben

"C:\Windows\SysWOW64\statReporter" Ordner verschieben:

C:\Windows\SysWOW64\statReporter => erfolgreich verschoben

"C:\Users\Public\Security Sessions" Ordner verschieben:

C:\Users\Public\Security Sessions => erfolgreich verschoben

"C:\Users\emqi-\AppData\Local\AviraWebView2Cache" Ordner verschieben:

C:\Users\emqi-\AppData\Local\AviraWebView2Cache => erfolgreich verschoben

"C:\ProgramData\Avira" Ordner verschieben:

C:\ProgramData\Avira => erfolgreich verschoben

"C:\Users\emqi-\AppData\Local\Avira" Ordner verschieben:

C:\Users\emqi-\AppData\Local\Avira => erfolgreich verschoben
C:\Users\emqi-\Downloads\avira_de_sptl1_0bdd1ff358e0d358__pavwws-spotlight-release.exe => erfolgreich verschoben

"C:\ProgramData\Norton" Ordner verschieben:

C:\ProgramData\Norton => erfolgreich verschoben

========= cscript /nologo %systemroot%\System32\slmgr.vbs /dlv =========

Softwarelizenzierungsdienst-Version: 10.0.26100.3912

Name: Windows(R), Professional edition
Beschreibung: Windows(R) Operating System, VOLUME_MAK channel
Aktivierungs-ID: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37
Anwendungs-ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Erweiterte PID: 03612-03312-003-387534-03-1031-26100.0000-0622025
Product Key-Kanal: Volume:MAK
Installations-ID: 357282190847456363003978684366485540676525023173184725049838642
Lizenz-URL verwenden: https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
URL für die Überprüfung: https://validation-v2.sls.microsoft.com/SLWGA/slwga.asmx
Teil-Product Key: XD73B
Lizenzstatus: Lizenziert
Verbleibende Windows Rearm-Anzahl: 1000
Verbleibende SKU Rearm-Anzahl: 1001
Vertrauenswürdige Zeit: 17.05.2025 16:28:16




========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.



========= Ende von CMD: =========


========= netsh advfirewall reset =========

OK.



========= Ende von CMD: =========


========= netsh advfirewall set allprofiles state ON =========

OK.



========= Ende von CMD: =========


========= netsh winhttp reset proxy =========


Aktuelle WinHTTP-Proxyeinstellungen:

    DirectAccess (kein Proxyserver).



========= Ende von CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{1890F5D2-BCA5-43BF-A510-AC1AF4FE7880} canceled.
1 out of 1 jobs canceled.


========= Ende von CMD: =========


========= Winmgmt /salvagerepository =========

Das WMI-Repository ist konsistent.


========= Ende von CMD: =========


========= Winmgmt /verifyrepository =========

Das WMI-Repository ist konsistent.


========= Ende von CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellungen wurden erfolgreich aus dem Systemsicherungsspeicher neu erstellt.


========= Ende von CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellungen wurden erfolgreich aus dem Systemsicherungsspeicher neu erstellt.


========= Ende von CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellungen wurden erfolgreich aus dem Systemsicherungsspeicher neu erstellt.


========= Ende von CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellungen wurden erfolgreich aus dem Systemsicherungsspeicher neu erstellt.


========= Ende von CMD: =========


========= sfc /scannow =========


Systemsuche wird gestartet. Dieser Vorgang kann einige Zeit dauern.

Überprüfungsphase der Systemsuche wird gestartet.

Überprüfung 79 % abgeschlossen.
Überprüfung 79 % abgeschlossen.
Überprüfung 80 % abgeschlossen.
Überprüfung 80 % abgeschlossen.
Überprüfung 81 % abgeschlossen.
Überprüfung 81 % abgeschlossen.
Überprüfung 82 % abgeschlossen.
Überprüfung 82 % abgeschlossen.
Überprüfung 83 % abgeschlossen.
Überprüfung 83 % abgeschlossen.
Überprüfung 84 % abgeschlossen.
Überprüfung 84 % abgeschlossen.
Überprüfung 85 % abgeschlossen.
Überprüfung 85 % abgeschlossen.
Überprüfung 86 % abgeschlossen.
Überprüfung 86 % abgeschlossen.
Überprüfung 87 % abgeschlossen.
Überprüfung 87 % abgeschlossen.
Überprüfung 88 % abgeschlossen.
Überprüfung 88 % abgeschlossen.
Überprüfung 89 % abgeschlossen.
Überprüfung 89 % abgeschlossen.
Überprüfung 90 % abgeschlossen.
Überprüfung 90 % abgeschlossen.
Überprüfung 91 % abgeschlossen.
Überprüfung 91 % abgeschlossen.
Überprüfung 92 % abgeschlossen.
Überprüfung 92 % abgeschlossen.
Überprüfung 93 % abgeschlossen.
Überprüfung 93 % abgeschlossen.
Überprüfung 94 % abgeschlossen.
Überprüfung 94 % abgeschlossen.
Überprüfung 95 % abgeschlossen.
Überprüfung 95 % abgeschlossen.
Überprüfung 96 % abgeschlossen.
Überprüfung 96 % abgeschlossen.
Überprüfung 97 % abgeschlossen.
Überprüfung 97 % abgeschlossen.
Überprüfung 98 % abgeschlossen.
Überprüfung 98 % abgeschlossen.
Überprüfung 99 % abgeschlossen.
Überprüfung 99 % abgeschlossen.
Überprüfung 100 % abgeschlossen.

Der Windows-Ressourcenschutz hat beschädigte Dateien gefunden und erfolgreich repariert.
Bei Onlinereparaturen finden Sie Details in der CBS-Protokolldatei unter
windir\Logs\CBS\CBS.log. Beispiel C:\Windows\Logs\CBS\CBS.log. Bei Offlinereparaturen
finden Sie Details in der durch das /OFFLOGFILE-Kennzeichen angegebenen Protokolldatei.


========= Ende von CMD: =========

C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\S-1-5-21-76596380-2333717119-1847427047-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-76596380-2333717119-1847427047-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========== EmptyTemp: ==========

FlushDNS => abgeschlossen
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 127384446 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 94068516 B
Edge => 0 B
Firefox => 1758922548 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 249962 B
NetworkService => 304684 B
emqi- => 622853829 B

RecycleBin => 9871400 B
EmptyTemp: => 2.4 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 16:31:41 ====


M-K-D-B 17.05.2025 16:12

From the log file:
Quote:

Der Windows-Ressourcenschutz hat beschädigte Dateien gefunden und erfolgreich repariert.

Then we'll continue with FMRS.

You may have to disable Windows Defender beforehand or add FMRS as an exclusion. Sometimes it complains about the tool, but that is a false alarm.

Please download Furtivex Malware Removal Script (FMRS) to your desktop.
  • Please save all your work and close all open programs, because this tool terminates all non-essential processes during the cleanup.
  • Right-click FMRS and choose Run as administrator.
  • Click Yes to continue.
  • Please be patient while the tool runs.
  • At the end, a file named FMRS_[DateTime].txt is saved on the desktop.
  • Post the contents of this file with your next reply.

Bernd Brot 17.05.2025 17:07

FMRS cannot be run.
https://ibb.co/39XNv7PR

When searching Google for how to disable Defender, this message appeared
https://ibb.co/zW5CdbXN

M-K-D-B 17.05.2025 19:45

Quote:

Quote from Bernd Brot (post 1790890)
FMRS cannot be run.
https://ibb.co/39XNv7PR

Whoa... :D

Then I suspect that "Smart App Control" is enabled on your system. This setting does automatically block somewhat more malicious or rare files, but on the other hand it can also prevent certain tools from running.

"Smart" (i.e. clever) is something this setting is definitely not, though. This option can only be changed with a reinstallation.

Quote:

Quote from Bernd Brot (post 1790890)
When searching Google for how to disable Defender, this message appeared
https://ibb.co/zW5CdbXN

Yes, then you would have to tick the checkbox there - Captcha.

Why you are searching the Internet for Windows Defender settings, though, I don't understand.

You'll find them under Start > Settings > Privacy & security > Windows Security. But if it is as I suspect (Smart App Control), there is nothing you can do there.

We'll simply run two other scans. :)

Step 1
Run the Kaspersky Virus Removal Tool (KVRT) according to the illustrated guide and then post the log files.

Step 2
Run SecurityCheck (SC) according to the illustrated guide and add the log file as an attachment.

Bernd Brot 18.05.2025 08:16

Kaspersky: no detections, no log file.

Code:

SecurityCheck by glax24 & Severnyj v.1.4.0.58 [15.08.24]
WebSite: www.safezone.cc
DateLog: 18.05.2025 09:00:13
Path starting: C:\Users\emqi-\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: emqi-
VersionXML: 13.85is-16.05.2025
___________________________________________________________________________

Windows 11 Professional (x64) Release: 24H2 (10.0.26100.4061) Lang: German(0407)
Installation date OS: 24.03.2025 16:22:05
LicenseStatus: Office 16, Office16OneNoteFreeR_Bypass edition The machine is permanently activated.
LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [930.5 Gb] Used: [152.7 Gb] Free: [777.8 Gb]
------------------------------- [ Windows ] -------------------------------
User Account Control enabled (Level 3)
Sicherheitscenter (wscsvc) - The service is running
Remoteregistrierung (RemoteRegistry) - The service has stopped
SSDP-Suche (SSDPSRV) - The service has stopped
Remotedesktopdienste (TermService) - The service has stopped
Windows-Remoteverwaltung (WS-Verwaltung) (WinRM) - The service has stopped
Background Intelligent Transfer Service (BITS) - The service has stopped
Übermittlungsoptimierung (DoSvc) - The service is running
Windows-Sicherheitsdienst (SecurityHealthService) - The service is running
Update Orchestrator Service (UsoSvc) - The service is running
WaaSMedicSvc (WaaSMedicSvc) - The service has stopped
Windows Update (wuauserv) - The service is running
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 5.2.11.183 v.5.2.11.183 Warning! Download Update
Avira Fallback Updater
--------------------------- [ OtherUtilities ] ----------------------------
AMD Software v.24.12.1 Warning! Download Update
Microsoft Office Home 2024 - de-de v.16.0.18730.20142
Microsoft 365 - de-de v.16.0.18730.20142 Warning! Download Update
How Install Office updates?
Microsoft Edge WebView2-Laufzeit v.136.0.3240.76 [+]
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 v.14.40.33810.0 Warning! Download Update
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 v.14.40.33810.0 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Creative Cloud v.6.6.0.611
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox (x64 de) v.138.0.4 [+]
Microsoft Edge v.136.0.3240.76
----------------------------- [ EmailClient ] -----------------------------
Mozilla Thunderbird (x64 de) v.138.0 Warning! Download Update
------------------ [ AntivirusFirewallProcessServices ] -------------------
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1391
Microsoft Defender Core Service (MDCoreSvc) - The service is running
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe v.4.18.25030.2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe v.4.18.25030.2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe v.4.18.25030.2
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
----------------------------- [ End of Log ] ------------------------------

Quote:

Quote from M-K-D-B (post 1790891)

Yes, then you would have to tick the checkbox there - Captcha.

Why you are searching the Internet for Windows Defender settings, though, I don't understand.

You'll find them under Start > Settings > Privacy & security > Windows Security. But if it is as I suspect (Smart App Control), there is nothing you can do there.

I couldn't quickly find how to turn off Defender, hence the Google search.

I would be interested to know, though, why Google shows this message. Was that the intervention by FRST?

M-K-D-B 18.05.2025 10:02

Quote:

Quote from Bernd Brot (post 1790896)
I would be interested to know, though, why Google shows this message. Was that the intervention by FRST?

In my last post I linked you to a page about Google Captcha. You'll find more information there.
This has nothing to do with FRST.

Quote:

Quote from Bernd Brot (post 1790896)
Kaspersky: no detections, no log file.

This tool always creates a log file; no detections sounds great. :daumenhoc

Since the ESET log file was not saved and nobody knows what kind of malware was on the system, you should change all passwords to be safe.

You should update the programs flagged by SecurityCheck (if still needed) or uninstall them (if no longer needed).
The download links for them can be found in the SecurityCheck log file.

Removal of the tools used
Run KpRm according to the illustrated guide and then post the log file.

Then we're done!
If you no longer have any problems with malware, we're finished here. Your log files are clean. :daumenhoc

If you like, you can say here whether you were satisfied with us and our help...:dankeschoen:
Perhaps you would like to support the forum with a small donation https://www.trojaner-board.de/extra/spende.png. :applaus:

Finally, please be sure to read and implement the security measures:

Note:
Please give me brief feedback as soon as you have read the information linked above, everything is done and there are no more questions, so that I can remove this topic from my subscriptions.
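The advice above to update or uninstall whatever SecurityCheck flagged can be turned into a quick triage list. The following is an added example, not part of the thread and not code from the SecurityCheck project: it assumes the log layout quoted earlier (section banners, one program per line, outdated entries ending in "Warning! Download Update"), and the function names and the shortened sample are constructed for illustration.

```python
import re

# Constructed sample: a shortened excerpt in the layout of the SecurityCheck
# log posted in the thread (section banners, one program per line).
SAMPLE_LOG = """\
------------------------------- [ Windows ] -------------------------------
User Account Control enabled (Level 3)
Windows Update (wuauserv) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 5.2.11.183 v.5.2.11.183 Warning! Download Update
Avira Fallback Updater
--------------------------- [ OtherUtilities ] ----------------------------
AMD Software v.24.12.1 Warning! Download Update
Microsoft Edge WebView2-Laufzeit v.136.0.3240.76 [+]
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 v.14.40.33810.0 Warning! Download Update
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox (x64 de) v.138.0.4 [+]
Microsoft Edge v.136.0.3240.76
----------------------------- [ EmailClient ] -----------------------------
Mozilla Thunderbird (x64 de) v.138.0 Warning! Download Update
----------------------------- [ End of Log ] ------------------------------
"""

# Section banner, e.g. "------ [ Browser ] ------"
SECTION_RE = re.compile(r"^-+ \[ (?P<name>.+?) \] -+$")
# Marker the tool appends to entries it considers outdated (as seen in the log)
FLAG = "Warning! Download Update"
# "<program name> v.<version>" once the marker has been cut off
ENTRY_RE = re.compile(r"^(?P<name>.+?) v\.(?P<version>\S+)$")


def flagged_programs(log_text):
    """Return (section, program, version) for every line carrying the flag.

    Lines seen before any banner get section None; flagged lines without a
    recognisable "v.<version>" suffix get version None instead of being lost.
    """
    results = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if not line.endswith(FLAG):
            continue
        entry = line[: -len(FLAG)].strip()
        match = ENTRY_RE.match(entry)
        if match:
            results.append((section, match.group("name"), match.group("version")))
        else:
            results.append((section, entry, None))
    return results


def group_by_section(entries):
    """Group flagged entries by log section, keeping the log's order."""
    grouped = {}
    for section, name, version in entries:
        grouped.setdefault(section, []).append((name, version))
    return grouped


if __name__ == "__main__":
    for section, items in group_by_section(flagged_programs(SAMPLE_LOG)).items():
        print(f"[{section}]")
        for name, version in items:
            print(f"  update or uninstall: {name} (installed: {version})")
```
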

Bernd Brot 18.05.2025 15:33

To the finale!
Many thanks and enjoy the rest of the weekend.
Code:

# Run at 18.05.2025 16:27:55
# KpRm (Kernel-panik) version 2.19.0
# Website https://kernel-panik.me/tool/kprm/
# Run by emqi- from C:\Users\emqi-\Downloads
# Computer Name: EMQI-LIVINGPICS
# OS: Windows 11 X64 (26100) (10.0.26100.4061)
# Number of passes: 1

- Checked options -

    ~ Delete Tools
    ~ Delete Quarantines

- Delete Tools -


  ## ESET Online Scanner
    [OK] C:\Users\emqi-\Desktop\ESET Online Scanner.lnk deleted
    [OK] C:\Users\emqi-\Desktop\Desktop\ESET Online Scanner.lnk deleted
    [OK] C:\Users\emqi-\Downloads\esetonlinescanner.exe deleted
    [OK] C:\Users\emqi-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted
    [OK] C:\Users\emqi-\AppData\Local\ESET\ESETOnlineScanner deleted

  ## FRST
    [OK] C:\Users\emqi-\Desktop\Desktop\Trojaner Board\Addition.txt deleted
    [OK] C:\Users\emqi-\Desktop\Desktop\Trojaner Board\FRST.txt deleted
    [OK] C:\Users\emqi-\Desktop\Desktop\Trojaner Board\FRST64.exe deleted
    [OK] C:\Users\emqi-\Downloads\Addition alt 16.5.2025.txt deleted
    [OK] C:\Users\emqi-\Downloads\Addition.txt deleted
    [OK] C:\Users\emqi-\Downloads\Fixlog.txt deleted
    [OK] C:\Users\emqi-\Downloads\FRST alt 16.5.2025..txt deleted
    [OK] C:\Users\emqi-\Downloads\FRST-OlderVersion deleted
    [OK] C:\Users\emqi-\Downloads\FRST.txt deleted
    [OK] C:\Users\emqi-\Downloads\FRST64.exe deleted
    [OK] C:\FRST deleted

  ## Kaspersky Virus Removal Tool
    [OK] C:\Users\emqi-\Desktop\KVRT.exe deleted
    [R] C:\KVRT2020_Data deleted

  ## Malwarebytes (log)
    [OK] C:\Users\emqi-\Desktop\Desktop\Trojaner Board\Malwarebytes.txt deleted

  ## SecurityCheck
    [OK] C:\Users\emqi-\Downloads\SecurityCheck\SecurityCheck.exe deleted
    [OK] C:\SecurityCheck deleted

-- KPRM finished in 9.15s --


- Need to Restart -


M-K-D-B 18.05.2025 19:46

We are glad that we could help :abklatsch:

This topic appears to be resolved and will be removed from our subscriptions. Should you need the topic again, please send us a reminder including a link to the topic.

Everyone else please click here and create your own topic.

M-K-D-B 25.05.2025 18:18

The ESET detection points to your mail program Thunderbird.

You have presumably still got a spam mail or a mail with a suspicious attachment / link saved somewhere. Check all suspicious mails and delete them.

However, this is not an active infection of your system.

Regarding the reCaptcha message from Google... something like that can also be caused by VPN software... you use Avira VPN... VPNs are overrated anyway, you can safely do without them.
Avira too, by the way.

Bernd Brot 25.05.2025 18:37

As far as I know, I deleted Avira. There is still an Avira Fallback Updater among the programs. Should/can I remove it?

M-K-D-B 25.05.2025 18:44

Yes, get rid of that thing.
Then restart the computer.

Bernd Brot 25.05.2025 18:51

Quote:

Quote from M-K-D-B (post 1791029)
Yes, get rid of that thing.
Then restart the computer.

Not that easy ;-)
https://ibb.co/jvC6C7tC

M-K-D-B 26.05.2025 14:11

Hi,

please post current logs from FRST.

Bernd Brot 26.05.2025 17:24

Here you go:
Code:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2025
durchgeführt von emqi- (Administrator) auf EMQI-LIVINGPICS (Micro-Star International Co., Ltd. MS-7E26) (26-05-2025 18:20:37)
Gestartet von C:\Users\emqi-\Downloads\FRST64.exe
Geladene Profile: emqi-
Plattform: Microsoft Windows 11 Pro Version 24H2 26100.4061 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <4>
(C:\Program Files\Adobe\Adobe Lightroom Classic\Helpers\DynamicLinkMediaServer\dynamiclinkmanager.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Lightroom Classic\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver.exe
(C:\Program Files\Adobe\Adobe Lightroom Classic\Lightroom.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Lightroom Classic\Adobe Crash Processor.exe
(C:\Program Files\Adobe\Adobe Lightroom Classic\Lightroom.exe ->) (Adobe Inc. -> Adobe) C:\Program Files\Adobe\Adobe Lightroom Classic\Helpers\DynamicLinkMediaServer\dynamiclinkmanager.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe ->) (WacomCenterUI) [Datei ist nicht signiert] C:\Program Files\Tablet\Wacom\WacomCenter\WacomCenterUI.exe
(C:\Program Files\Tablet\Wacom\WacomHost.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_UpdateUtil.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co., Ltd.) C:\Program Files\Tablet\Wacom\WacomHost.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.10401.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.92\msedgewebview2.exe <7>
(cmd.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(DriverStore\FileRepository\u0415347.inf_amd64_bbe1f1da43e3d52f\B415056\atiesrxx.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0415347.inf_amd64_bbe1f1da43e3d52f\B415056\atieclxx.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Lightroom Classic\Lightroom.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <13>
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <18>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc) C:\Windows\System32\DriverStore\FileRepository\amdppkg.inf_amd64_3b35ade6b9714417\AmdPpkgSvc.exe
(services.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0415347.inf_amd64_bbe1f1da43e3d52f\B415056\atiesrxx.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_1aafc0a9b0693712\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe
(services.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25032.52.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_6.0.0.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.22.1.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.10401.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [133128 2025-03-24] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1145256 2025-04-15] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-76596380-2333717119-1847427047-1003\...\Run: [MicrosoftEdgeAutoLaunch_3753AF0C68244FA81F8581C5B5045ECE] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4045880 2025-05-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-76596380-2333717119-1847427047-1003\...\Run: [AMDNoiseSuppression] => C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe [164840 2024-06-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {3A6E2066-337A-4331-AA61-39FBE06617C3} - System32\Tasks\AMD Install Manager - Check For Updates => C:\Program Files\AMD\AMDInstallManager\AMDInstallManager.exe [55426256 2025-05-06] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) -> C:\Program Files\AMD\AMDInstallManager\\-CheckForUpdates
Task: {162516FD-20BF-4DBD-B806-F799A75C8209} - System32\Tasks\AMD Install Manager - Install Updates => C:\Program Files\AMD\AMDInstallManager\AMDInstallManager.exe [55426256 2025-05-06] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) -> C:\Program Files\AMD\AMDInstallManager\\-InstallUpdates -Auto
Task: {8DD8C804-A6EC-48B3-9E55-8CBF735167DA} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1038544 2025-04-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {C4E6387D-B865-448B-A301-A0419D69B0E5} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [191184 2025-04-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {92A8AEE7-551B-49B9-9442-0C174ADB5134} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\emqi-\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15205744 2025-05-22] (ESET, spol. s r.o. -> ESET)
Task: {6BB8FC9C-8E91-4FC8-9E03-EFDE5A0F42CA} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\emqi-\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15205744 2025-05-22] (ESET, spol. s r.o. -> ESET)
Task: {C2B0E3F9-2A9A-46D6-8500-9F4F81B1C0E8} - System32\Tasks\Launch Adobe CCXProcess => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [194048 2025-04-14] (Adobe Inc. -> Adobe Inc.)
Task: {307313D2-03A0-4E0D-85E8-3EACA50D9307} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307432 2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {798BA36E-8F34-4189-B853-2A80010E38C5} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307432 2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {964C40C9-924E-420A-80A9-7EB30C32C8D3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102808 2025-05-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {D1F8EE3D-FCAB-465D-9A14-262AB7D39BE6} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [68360 2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {F6AF5150-E18C-49E7-9D54-4E21CB9113FE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102808 2025-05-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {95C5F5F2-A403-4047-A079-E42C508E954D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307432 2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {12B7B082-A730-49A1-8C26-D3134FC2875A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307432 2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {5552BD37-EBF6-4A03-96B3-DB897BE2E8E8} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [213216 2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (Keine Datei)
Task: {86D1E86D-2137-4A32-A3E9-56A7CDF4B05A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E81B23ED-CB9E-46C4-A01E-EC8DE63F8D46} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C4A13BE7-75A8-4E35-9739-D10C1358519C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D891B09F-4E2B-4758-AE8C-347881775D43} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D80CDC39-C24E-4ECF-9FC7-F0713D013101} - System32\Tasks\Microsoft\Windows\WindowsAI\Recall\InitialConfiguration => {709FD5EF-7296-4154-BD3A-E9830FCFA60A} C:\Windows\system32\ShellConfigTask.dll [274432 2025-05-14] (Microsoft Windows -> Microsoft Corporation)
Task: {DD2C0B0E-B6F5-4735-B579-0B0FD439A698} - System32\Tasks\Microsoft\Windows\WindowsAI\Recall\PolicyConfiguration => {0BE6820D-B667-4CB6-931B-C153A77DA895} C:\Windows\system32\ShellConfigTask.dll [274432 2025-05-14] (Microsoft Windows -> Microsoft Corporation)
Task: {AF0E3A50-9A33-4601-8713-BE4203B29E41} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1038544 2025-04-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {703B758E-B8B5-4209-809C-1FDFC66DABC1} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-76596380-2333717119-1847427047-1003 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-05-18] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).
Task: {F09DEF76-FAA8-4679-817E-49DDDCE11E27} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-05-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {78B243C9-FBC6-4154-9D8E-EC20CD493BA1} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [143568 2025-04-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {254EC6C8-ABBF-42C0-B38F-CC6C26B55510} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [309968 2025-04-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5df49ee4-f519-4dbb-b479-5f501a7a713a}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5df49ee4-f519-4dbb-b479-5f501a7a713a}: [DhcpDomain] speedport.ip
Tcpip\..\Interfaces\{bd7741e0-00cc-4ee1-bb39-2d5b8377a7d5}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{bd7741e0-00cc-4ee1-bb39-2d5b8377a7d5}: [DhcpDomain] speedport.ip

Edge:
=======
Edge Profile: C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default [2025-05-26]
Edge HomePage: Default -> hxxp://www.msn.com/?pc=NMTE
Edge Extension: (Google Docs Offline) - C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-27]
Edge Extension: (Edge relevant text changes) - C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-03-24]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]

FireFox:
========
FF DefaultProfile: gtxv1m88.default
FF ProfilePath: C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\gtxv1m88.default [2025-05-17]
FF ProfilePath: C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release [2025-05-26]
FF Extension: (Activist – Balanced) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\activist-balanced-colorway@mozilla.org.xpi [2023-03-17]
FF Extension: (HTTPS Everywhere) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\https-everywhere@eff.org.xpi [2021-07-14]
FF Extension: (uBlock Origin) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\uBlock0@raymondhill.net.xpi [2025-05-18]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-10-11]
FF Extension: (Mobile View Switcher) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\{fa247c57-77ac-41cd-b942-332051e15ced}.xpi [2022-07-30]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2025-04-15] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2025-04-15] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944040 2025-04-15] (Adobe Inc. -> Adobe Inc.)
R2 AmdPpkgSvc; C:\Windows\System32\DriverStore\FileRepository\amdppkg.inf_amd64_3b35ade6b9714417\AmdPpkgSvc.exe [518960 2025-04-01] (Advanced Micro Devices -> Advanced Micro Devices, Inc)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13823704 2025-05-15] (Microsoft Corporation -> Microsoft Corporation)
S3 CorsairDeviceControlService; C:\Program Files\Corsair\Corsair Device Control Service\bin\CorsairDeviceControlService.exe [2430504 2024-10-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9406208 2025-05-04] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-03-28] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe [2050904 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559320 2025-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe [4525976 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe [278304 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 amdfendrmgr; C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_1aafc0a9b0693712\amdfendrmgr.sys [37208 2025-02-06] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [33592 2024-09-12] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R3 AmdPpkg; C:\Windows\System32\DriverStore\FileRepository\amdppkg.inf_amd64_3b35ade6b9714417\AmdPpkg.sys [35120 2025-04-01] (Advanced Micro Devices -> Advanced Micro Devices)
R2 AMDRyzenMasterDriverV28; C:\Windows\system32\AMDRyzenMasterDriver.sys [61264 2025-04-23] (Advanced Micro Devices -> Advanced Micro Devices)
R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_66bdd11a4e97edd1\amdsafd.sys [112840 2024-05-02] (AMD Test Build -> Advanced Micro Devices)
R3 amduw23g-415347-9b12a908; C:\Windows\System32\DriverStore\FileRepository\u0415347.inf_amd64_bbe1f1da43e3d52f\B415056\amdkmdag.sys [100529584 2025-05-08] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [63008 2024-05-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R2 CorsairLLAccess8F050F5E415C1A5882EB9FF7CE2BC59B7BE3A953; C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairLLAccess64.sys [23616 2025-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 KslD; C:\Windows\System32\drivers\wd\KslD.sys [331168 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [234072 2025-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [22120 2025-03-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239568 2025-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MTKBTFilterx64; C:\Windows\System32\drivers\mtkbtfilterx.sys [345056 2022-06-26] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R3 mtkwlex; C:\Windows\System32\drivers\mtkwl6ex.sys [1587680 2022-06-26] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
S3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_feec7a9662e785f0\rtcx21x64.sys [539648 2024-03-28] (Microsoft Windows -> Realtek)
S3 ThermalFilter; C:\Windows\System32\DriverStore\FileRepository\c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-04-09] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [19984 2025-05-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [606568 2025-05-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [100736 2025-05-22] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2025-05-26 17:52 - 2025-05-26 17:52 - 000000000 ____D C:\Users\emqi-\AppData\Local\LightroomClassic1-14-WIN
2025-05-26 16:41 - 2025-05-26 16:41 - 000003900 _____ C:\Windows\system32\Tasks\AMD Install Manager - Install Updates
2025-05-26 16:39 - 2025-05-26 16:39 - 000706648 _____ C:\Windows\system32\perfh007.dat
2025-05-26 16:39 - 2025-05-26 16:39 - 000149622 _____ C:\Windows\system32\perfc007.dat
2025-05-25 16:37 - 2025-05-25 16:37 - 000027251 _____ C:\Users\emqi-\Downloads\Addition.txt
2025-05-25 16:36 - 2025-05-26 18:21 - 000025999 _____ C:\Users\emqi-\Downloads\FRST.txt
2025-05-25 16:36 - 2025-05-26 18:20 - 000000000 ____D C:\FRST
2025-05-25 16:35 - 2025-05-25 16:35 - 002405888 _____ (Farbar) C:\Users\emqi-\Downloads\FRST64.exe
2025-05-25 16:14 - 2025-05-25 16:14 - 000008720 _____ C:\Users\emqi-\Documents\SecurityCheck 20250525.txt
2025-05-25 16:05 - 2025-05-25 16:05 - 000000000 ____D C:\SecurityCheck
2025-05-25 16:04 - 2025-05-25 16:05 - 000000022 _____ C:\Users\emqi-\Downloads\SecurityCheck(2).zip
2025-05-25 15:30 - 2025-05-25 15:30 - 000000000 ____D C:\KVRT2020_Data
2025-05-25 15:29 - 2025-05-25 15:28 - 115685224 _____ (AO Kaspersky Lab) C:\Users\emqi-\Desktop\KVRT.exe
2025-05-25 15:28 - 2025-05-25 15:28 - 115685224 _____ (AO Kaspersky Lab) C:\Users\emqi-\Downloads\KVRT.exe
2025-05-25 14:58 - 2025-05-25 14:58 - 000147717 _____ C:\Users\emqi-\Downloads\Pflanzenstärkungsmittel-1.pdf
2025-05-25 14:51 - 2025-05-25 14:51 - 000147717 _____ C:\Users\emqi-\Downloads\Pflanzenstärkungsmittel.pdf
2025-05-25 13:54 - 2025-05-25 13:54 - 000001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2025.lnk
2025-05-25 13:23 - 2025-05-25 13:23 - 000000718 _____ C:\Users\emqi-\Documents\ESET Fund 20250525.txt
2025-05-23 14:38 - 2025-05-23 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMDInstallManager
2025-05-22 13:33 - 2025-05-26 17:36 - 000001385 _____ C:\Users\emqi-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2025-05-22 13:33 - 2025-05-26 17:36 - 000001279 _____ C:\Users\emqi-\Desktop\ESET Online Scanner.lnk
2025-05-22 13:32 - 2025-05-22 13:32 - 008412528 _____ (ESET) C:\Users\emqi-\Downloads\esetonlinescanner.exe
2025-05-22 13:18 - 2025-05-25 13:45 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2025-05-18 16:27 - 2025-05-18 16:28 - 000001890 _____ C:\Users\emqi-\Desktop\kprm-20250518162754.txt
2025-05-18 16:27 - 2025-05-18 16:27 - 000000000 ____D C:\KPRM
2025-05-18 15:15 - 2025-05-18 15:15 - 000492893 _____ C:\Users\emqi-\Downloads\SecurityCheck(1).zip
2025-05-18 15:10 - 2025-05-26 16:32 - 000003118 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2025-05-18 15:09 - 2025-05-23 14:38 - 000004054 _____ C:\Windows\system32\Tasks\AMD Install Manager - Check For Updates
2025-05-18 15:09 - 2025-05-18 15:09 - 000002618 _____ C:\Windows\system32\Tasks\AMDRyzenMasterSDKTask
2025-05-18 15:09 - 2025-05-18 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Software꞉ Adrenalin Edition
2025-05-18 15:09 - 2025-05-18 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2025-05-18 15:08 - 2025-05-08 05:22 - 002193792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 002092440 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2025-05-18 15:08 - 2025-05-08 05:22 - 002092440 _____ C:\Windows\system32\vulkaninfo.exe
2025-05-18 15:08 - 2025-05-08 05:22 - 001832320 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 001832320 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 001630592 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2025-05-18 15:08 - 2025-05-08 05:22 - 001630592 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2025-05-18 15:08 - 2025-05-08 05:22 - 001610512 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 001610512 _____ C:\Windows\system32\vulkan-1.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 001421448 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 001421448 _____ C:\Windows\SysWOW64\vulkan-1.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 001328024 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdsasrv64.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 001184128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 001068416 _____ (AMD) C:\Windows\system32\atieclxx.exe
2025-05-18 15:08 - 2025-05-08 05:22 - 000998272 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000631168 _____ C:\Windows\system32\GameManager64.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000609488 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdsacli64.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000559488 _____ C:\Windows\system32\atieah64.exe
2025-05-18 15:08 - 2025-05-08 05:22 - 000556280 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdsacli32.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000526208 _____ C:\Windows\system32\EEURestart.exe
2025-05-18 15:08 - 2025-05-08 05:22 - 000479104 _____ C:\Windows\SysWOW64\GameManager32.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000473504 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000422304 _____ C:\Windows\SysWOW64\atieah32.exe
2025-05-18 15:08 - 2025-05-08 05:22 - 000200576 _____ (AMD) C:\Windows\system32\atimuixx.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000190848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000150400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000147328 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000140160 _____ C:\Windows\system32\amdxc64.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000122240 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000116632 _____ C:\Windows\SysWOW64\amdxc32.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 121137584 _____ C:\Windows\system32\amd_comgr_2.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 103184792 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 017760672 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64_6.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 005219760 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdadlx64.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 005006744 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdadlx32.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000801688 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000678808 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000592264 _____ C:\Windows\system32\amdgfxinfo64.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000549304 _____ C:\Windows\system32\dgtrayicon.exe
2025-05-18 15:08 - 2025-05-08 05:21 - 000471456 _____ C:\Windows\system32\amdlogum.exe
2025-05-18 15:08 - 2025-05-08 05:21 - 000449920 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000405184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdfendr.stz
2025-05-18 15:08 - 2025-05-08 05:21 - 000344480 _____ C:\Windows\system32\clinfo.exe
2025-05-18 15:08 - 2025-05-08 05:21 - 000227768 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000197552 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000177056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000145824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000067320 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdfendrmgr.stz
2025-05-18 15:08 - 2025-05-08 05:21 - 000051584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000048544 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 001748320 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 001423016 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 000554720 _____ C:\Windows\system32\amdmiracast.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 000169192 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 000169168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 000162272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 000141200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 000141192 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 000134784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2025-05-18 15:08 - 2025-05-08 05:04 - 000179624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2025-05-18 15:08 - 2025-05-08 05:04 - 000154672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2025-05-18 15:08 - 2025-05-07 23:32 - 125668160 _____ C:\Windows\system32\amdxc64.so
2025-05-18 15:02 - 2025-05-18 15:03 - 043633576 _____ (Advanced Micro Devices, Inc.) C:\Users\emqi-\Downloads\amd-software-adrenalin-edition-25.5.1-minimalsetup-250513_web.exe
2025-05-18 09:00 - 2025-05-18 09:00 - 000000000 ____D C:\SecurityCheck alt
2025-05-18 08:59 - 2025-05-18 16:27 - 000000000 ____D C:\Users\emqi-\Downloads\SecurityCheck
2025-05-18 08:59 - 2025-05-18 08:59 - 000492893 _____ C:\Users\emqi-\Downloads\SecurityCheck.zip
2025-05-18 08:13 - 2025-05-18 16:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-05-17 17:55 - 2025-05-17 17:55 - 001427235 _____ (<hxxps://furtivex.net>) C:\Users\emqi-\Downloads\FMRS.BERS3j51.exe.part
2025-05-17 17:55 - 2025-05-17 17:55 - 000000000 _____ C:\Users\emqi-\Downloads\FMRS.exe
2025-05-15 19:31 - 2025-05-16 10:16 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2025-05-14 23:00 - 2025-05-26 17:41 - 000000000 ____D C:\Windows\CbsTemp
2025-05-14 16:03 - 2025-05-14 16:03 - 000030998 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-05-14 16:03 - 2025-05-14 16:03 - 000030998 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2025-05-09 07:45 - 2025-05-09 07:45 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic.lnk
2025-05-04 15:25 - 2025-05-22 21:37 - 000003858 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2025-05-04 15:25 - 2025-05-22 21:37 - 000003416 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2025-05-26 18:21 - 2025-03-24 22:03 - 000000000 ____D C:\Users\emqi-\AppData\Roaming\WTablet
2025-05-26 18:07 - 2025-03-28 23:49 - 000000000 ____D C:\Users\emqi-\AppData\Local\Malwarebytes
2025-05-26 18:06 - 2025-03-25 00:10 - 000003582 _____ C:\Windows\system32\Tasks\Launch Adobe CCXProcess
2025-05-26 17:51 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-05-26 17:44 - 2024-10-29 15:04 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-05-26 17:43 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemTemp
2025-05-26 16:39 - 2025-03-24 22:08 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-05-26 16:39 - 2024-10-29 15:10 - 001633252 _____ C:\Windows\system32\PerfStringBackup.INI
2025-05-26 16:39 - 2024-04-01 09:24 - 000000000 ____D C:\Windows\INF
2025-05-26 16:32 - 2024-10-29 15:06 - 000010512 _____ C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-05-26 16:32 - 2024-10-29 15:06 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2025-05-26 16:32 - 2024-10-29 15:04 - 000012288 ___SH C:\DumpStack.log.tmp
2025-05-26 16:32 - 2024-10-29 15:04 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-05-25 22:36 - 2025-03-24 23:50 - 000000000 ____D C:\Users\emqi-\AppData\Local\CrashDumps
2025-05-25 21:12 - 2025-03-24 18:49 - 000000000 ____D C:\Users\emqi-\AppData\Local\Packages
2025-05-25 16:05 - 2024-12-31 13:28 - 000554487 _____ (glax24 (safezone.cc)) C:\Users\emqi-\Desktop\SecurityCheck.exe
2025-05-25 15:37 - 2025-03-24 18:49 - 000000000 ____D C:\Users\emqi-\AppData\Local\D3DSCache
2025-05-25 15:22 - 2025-03-24 18:52 - 000000000 ____D C:\Users\emqi-\AppData\Roaming\Microsoft\Excel
2025-05-25 13:54 - 2025-03-24 23:38 - 000000000 ____D C:\Program Files\Common Files\Adobe
2025-05-25 13:45 - 2025-03-24 22:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-05-25 13:45 - 2024-04-01 09:21 - 000524288 _____ C:\Windows\system32\config\BBI
2025-05-25 12:27 - 2024-10-29 15:04 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-05-25 12:27 - 2024-10-29 15:04 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-05-24 17:43 - 2024-10-29 15:31 - 000000000 ____D C:\AMD
2025-05-24 17:43 - 2024-10-29 15:06 - 000000000 ____D C:\Program Files\Microsoft Office
2025-05-24 17:43 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-05-24 17:43 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\AppReadiness
2025-05-24 17:37 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\SecurityHealth
2025-05-23 19:28 - 2025-03-24 22:45 - 000001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2025-05-23 14:35 - 2025-03-24 18:57 - 000000000 ____D C:\Users\emqi-\AppData\Local\AMD_Common
2025-05-22 13:33 - 2025-03-25 00:44 - 000000000 ____D C:\Users\emqi-\AppData\Local\ESET
2025-05-22 13:27 - 2024-10-29 15:04 - 000000000 ____D C:\Windows\system32\Drivers\wd
2025-05-22 13:16 - 2024-10-29 15:04 - 000003832 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{323B8279-7486-43E6-B26C-D4E2B6221AA6}
2025-05-22 13:16 - 2024-10-29 15:04 - 000003706 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{0314DEF4-2C78-42E3-98D2-7EF5DB5F46A6}
2025-05-18 15:10 - 2025-03-24 18:49 - 000000000 ____D C:\Users\emqi-\AppData\Local\AMD
2025-05-18 15:09 - 2024-10-29 15:35 - 000003484 _____ C:\Windows\system32\Tasks\ModifyLinkUpdate
2025-05-18 15:09 - 2024-10-29 15:35 - 000003072 _____ C:\Windows\system32\Tasks\StartDVR
2025-05-18 15:09 - 2024-10-29 15:34 - 000003152 _____ C:\Windows\system32\Tasks\StartCN
2025-05-18 15:09 - 2024-10-29 15:13 - 000000000 ____D C:\Program Files\AMD
2025-05-18 15:09 - 2024-10-29 15:06 - 000000000 ____D C:\ProgramData\Packages
2025-05-18 12:27 - 2025-03-24 18:45 - 000000000 ____D C:\Users\emqi-\AppData\Roaming\Microsoft\Windows
2025-05-18 08:58 - 2025-03-24 22:08 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-05-16 10:16 - 2024-04-01 09:26 - 000000000 ___HD C:\Windows\ELAMBKUP
2025-05-16 10:16 - 2024-04-01 09:21 - 000032768 _____ C:\Windows\system32\config\ELAM
2025-05-16 10:05 - 2025-03-27 15:20 - 000000000 ____D C:\Users\emqi-\AppData\Local\Norton
2025-05-15 21:54 - 2024-10-29 15:11 - 000000000 ____D C:\Windows\system32\MRT
2025-05-15 06:28 - 2024-10-29 15:04 - 000475880 _____ C:\Windows\system32\FNTCACHE.DAT
2025-05-15 06:27 - 2024-04-01 10:03 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2025-05-15 06:27 - 2024-04-01 10:03 - 000000000 ____D C:\Windows\InboxApps
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\UUS
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\setup
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\oobe
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\Dism
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemResources
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemApps
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\WinMetadata
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\ShellExperiences
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\setup
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\oobe
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\migwiz
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\Dism
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\DDFs
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\appraiser
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\ShellExperiences
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\Provisioning
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\PolicyDefinitions
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\bcastdvr
2025-05-14 20:16 - 2024-10-29 15:11 - 214836568 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-05-14 16:03 - 2024-10-29 15:07 - 003369984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2025-05-09 07:49 - 2025-03-24 23:39 - 000000000 ____D C:\ProgramData\Adobe
2025-05-09 07:45 - 2025-03-24 23:38 - 000000000 ____D C:\Program Files\Adobe
2025-05-08 22:42 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\AppLocker
2025-05-02 07:13 - 2025-03-29 11:29 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-04-29 12:57 - 2025-03-24 18:51 - 000000000 ___RD C:\Users\emqi-\OneDrive

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Code:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 22-05-2025
durchgeführt von emqi- (26-05-2025 18:21:37)
Gestartet von C:\Users\emqi-\Downloads
Microsoft Windows 11 Pro Version 24H2 26100.4061 (X64) (2025-03-24 16:22:05)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-76596380-2333717119-1847427047-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-76596380-2333717119-1847427047-503 - Limited - Disabled)
emqi- (S-1-5-21-76596380-2333717119-1847427047-1003 - Administrator - Enabled) => C:\Users\emqi-
Gast (S-1-5-21-76596380-2333717119-1847427047-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-76596380-2333717119-1847427047-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.6.0.611 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_14_3_1) (Version: 14.3.1 - Adobe Inc.)
Adobe Photoshop 2025 (HKLM-x32\...\PHSP_26_7) (Version: 26.7.0.15 - Adobe Inc.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 7.04.09.545 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.134 - Advanced Micro Devices, Inc.) Hidden
AMD Install Manager (HKLM\...\{8D83B6D7-A61B-469A-B549-38A857A4D4AA}) (Version: 25.10.25126.1755 - Advanced Micro Devices, Inc.)
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.9 - Advanced Micro Devices, Inc.) Hidden
AMD PPM Provisioning File Driver (HKLM-x32\...\{3665A5DE-D07C-46D7-9207-713E8E9FEF32}) (Version: 8.0.0.52 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.39.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.44 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 25.5.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{187898e5-7a9e-459f-a0ad-f2344c6f7f39}) (Version: 7.04.09.545 - Advanced Micro Devices, Inc.) Hidden
Avira Fallback Updater (HKLM-x32\...\Avira Fallback Updater) (Version:  - )
Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden
Corsair Device Control Service (HKLM\...\{3761F1BA-5697-4562-B677-E3CE0F944679}) (Version: 1.3.1 - Corsair)
Corsair iCUE5 Software (HKLM\...\{A9B0B2D7-8C59-4413-A2FB-99EDBE65A608}) (Version: 5.24.57 - Corsair)
Malwarebytes version 5.2.11.183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.11.183 - Malwarebytes)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.18730.20186 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 136.0.3240.92 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 136.0.3240.92 - Microsoft Corporation) Hidden
Microsoft Office Home 2024 - de-de (HKLM\...\Home2024Retail - de-de) (Version: 16.0.18730.20186 - Microsoft Corporation)
Microsoft OneNote - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.18730.20186 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32\...\{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32\...\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32\...\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 138.0.4 (x64 de)) (Version: 138.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 136.0.1 - Mozilla)
Mozilla Thunderbird (x64 de) (HKLM\...\Mozilla Thunderbird 138.0.2 (x64 de)) (Version: 138.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18730.20186 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.3.0 - Advanced Micro Devices, Inc.) Hidden
RyzenMasterSDK (HKLM\...\{2FC6B840-0E0F-48D6-A461-66CB5566B9FB}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
UXP WebView Support (HKLM-x32\...\UXPW_1_3_0) (Version: 1.3.0 - Adobe Inc.)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.4.9-2 - Wacom Technology Corp.)

Packages:
=========
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3775.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\Windows\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-15] (Microsoft Windows)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_6.0.0.1_x86__enpm4xejd91yc [2025-03-24] (Adobe Systems Incorporated)
AMD Radeon Software -> C:\Program Files\AMD\CNext\CNext [2025-05-18] (Advanced Micro Devices Inc.)
Ink.Handwriting.de-DE.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.de-DE.1.0_0.850.1840.0_x64__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Ink.Handwriting.de-DE.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.de-DE.1.0_0.850.1840.0_x86__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Ink.Handwriting.Main.de-DE.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.de-DE.1.0_0.850.1840.0_x64__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.23355.1356.0_x64__8wekyb3d8bbwe [2024-10-29] (Microsoft Corporation)
Klick-und-Los (Vorschau) -> C:\Windows\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-05-15] (Microsoft Windows)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2412.12002.0_x64__8wekyb3d8bbwe [2025-03-24] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2025-03-26] (Microsoft Corp.)
Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.22.1.0_x64__8wekyb3d8bbwe [2025-05-22] (Microsoft Corporation)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-05-24] ()
Windows Feature Experience Pack -> C:\Windows\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-15] (Microsoft Windows)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-76596380-2333717119-1847427047-1003_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-76596380-2333717119-1847427047-1003_Classes\CLSID\{3978C7B3-066A-45B3-9361-2F73A45C1449}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-76596380-2333717119-1847427047-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [  AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [  AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [  AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-03-28] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-03-28] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2025-05-09 07:41 - 2025-05-09 07:41 - 001927680 _____ () [Datei ist nicht signiert] C:\Program Files\Adobe\Adobe Lightroom Classic\opencv_calib3d310.dll
2025-05-09 07:41 - 2025-05-09 07:41 - 002507264 _____ () [Datei ist nicht signiert] C:\Program Files\Adobe\Adobe Lightroom Classic\opencv_core310.dll
2025-05-09 07:41 - 2025-05-09 07:41 - 000787968 _____ () [Datei ist nicht signiert] C:\Program Files\Adobe\Adobe Lightroom Classic\opencv_features2d310.dll
2025-05-09 07:41 - 2025-05-09 07:41 - 000525312 _____ () [Datei ist nicht signiert] C:\Program Files\Adobe\Adobe Lightroom Classic\opencv_flann310.dll
2025-05-09 07:41 - 2025-05-09 07:41 - 002905088 _____ () [Datei ist nicht signiert] C:\Program Files\Adobe\Adobe Lightroom Classic\opencv_imgproc310.dll
2025-05-09 07:41 - 2025-05-09 07:41 - 000484352 _____ () [Datei ist nicht signiert] C:\Program Files\Adobe\Adobe Lightroom Classic\opencv_video310.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 004311040 _____ () [Datei ist nicht signiert] C:\Program Files\Tablet\Wacom\LicenseManager.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 002655744 _____ () [Datei ist nicht signiert] C:\Program Files\Tablet\Wacom\WacomCenter\libxml2.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 007785984 _____ () [Datei ist nicht signiert] C:\Program Files\Tablet\Wacom\WacomCenter\WacomCenterLibrary.dll
2024-10-29 15:07 - 2024-10-29 15:07 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2024-10-29 15:07 - 2024-10-29 15:07 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 001418752 _____ (Microsoft.Graphics.Canvas.Interop) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\Tablet\Wacom\WacomCenter\Microsoft.Graphics.Canvas.Interop.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 002357248 _____ (WacomCenterUI) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\Tablet\Wacom\WacomCenter\WacomCenterUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) =============

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2024-04-01 09:26 - 2025-05-17 16:29 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1      localhost

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-76596380-2333717119-1847427047-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\emqi-\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\10597558318473548197\133926606644900544.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 ist aktiviert.

Network Binding:
=============
Ethernet: Realtek Gaming 2.5GbE Family Controller -> rt640x64.sys
WLAN: RZ616 Wi-Fi 6E 160MHz -> mtkwl6ex.sys
Bluetooth-Netzwerkverbindung: Bluetooth Device (Personal Area Network) -> bthpan.sys

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [FPS-SpoolWorker-In-TCP-NoScope] => (Allow) C:\Windows\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-V2] => (Allow) C:\Windows\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP] => (Allow) C:\Windows\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AF3CBF81-A3ED-4414-AB3C-8EC22C186505}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{197244B8-70E2-4592-9848-893DCDBDB608}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A1683ABE-C8D6-466C-8412-77EF5FFD437C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7E72EA80-4B36-473D-AEBE-1CB108A9954D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.92\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

18-05-2025 15:08:32 Radeon Installer
22-05-2025 16:07:37 Windows Update
23-05-2025 16:11:18 Installed AMD_Chipset_Drivers.

==================== Fehlerhafte Geräte im Gerätemanager ============

==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (05/25/2025 10:36:49 PM) (Source: Application Error) (EventID: 1000) (User: EMQI-LIVINGPICS)
Description: Fehlerhafter Anwendungsname: ESETOnlineScanner.exe, Version: 10.34.13.0, Zeitstempel: 0x67d4488f
Fehlerhafter Modulname: WININET.dll, Version: 11.0.26100.3912, Zeitstempel: 0x0b038e12
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000aef94
Fehlerhafte Prozess-ID: 0x2ccc
Fehlerhafte Anwendungsstartzeit: 0x1dbcdb4bc20a5b1
Fehlerhafter Anwendungspfad: C:\Users\emqi-\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Fehlerhafter Modulpfad: C:\Windows\SYSTEM32\WININET.dll
Berichts-ID: ad517ec6-6fd2-4ea1-a227-ba540630b490
Vollständiger Name des fehlerhaften Pakets:
Fehlerhafte paketbezogene Anwendungs-ID:

Error: (05/22/2025 07:55:13 PM) (Source: Application Error) (EventID: 1000) (User: EMQI-LIVINGPICS)
Description: Fehlerhafter Anwendungsname: ESETOnlineScanner.exe, Version: 10.34.13.0, Zeitstempel: 0x67d4488f
Fehlerhafter Modulname: WININET.dll, Version: 11.0.26100.3912, Zeitstempel: 0x0b038e12
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000aef94
Fehlerhafte Prozess-ID: 0x571c
Fehlerhafte Anwendungsstartzeit: 0x1dbcb42a941f7e0
Fehlerhafter Anwendungspfad: C:\Users\emqi-\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Fehlerhafter Modulpfad: C:\Windows\SYSTEM32\WININET.dll
Berichts-ID: 1f8feea3-e84f-4d28-b894-eeb083b5dd6b
Vollständiger Name des fehlerhaften Pakets:
Fehlerhafte paketbezogene Anwendungs-ID:

Error: (05/22/2025 04:07:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary klupd_5260bff7a_klbg.

System Error:
Das System kann die angegebene Datei nicht finden..

Error: (05/22/2025 04:07:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary klupd_5260bff7a_arkmon.

System Error:
Das System kann die angegebene Datei nicht finden..

Error: (05/18/2025 08:58:08 AM) (Source: Firefox Default Browser Agent) (EventID: 5) (User: )
Description: Event-ID 5

Error: (05/17/2025 04:28:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "QueryFullProcessImageNameW" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070006, Das Handle ist ungültig..

Vorgang:
  Asynchroner Vorgang wird ausgeführt

Kontext:
  Aktueller Status: DoSnapshotSet

Error: (05/17/2025 04:28:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert.Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {b53fcff8-0d79-4520-b680-4306dab10cf8}

Error: (05/17/2025 03:43:28 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).


Systemfehler:
=============
Error: (05/26/2025 04:32:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎25.‎05.‎2025 um 23:31:57 unerwartet heruntergefahren.

Error: (05/26/2025 04:32:00 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (05/25/2025 01:45:24 PM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: NT-AUTORITÄT)
Description: Der Gerätezuordnungsdienst hat einen Fehler bei der Endpunktermittlung erkannt.

Error: (05/25/2025 01:45:24 PM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: NT-AUTORITÄT)
Description: Der Gerätezuordnungsdienst hat einen Fehler bei der Endpunktermittlung erkannt.

Error: (05/23/2025 04:10:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9NMPJ99VJBWV-Microsoft.YourPhone

Error: (05/23/2025 02:39:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9NMPJ99VJBWV-Microsoft.YourPhone

Error: (05/23/2025 02:29:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎22.‎05.‎2025 um 21:50:56 unerwartet heruntergefahren.

Error: (05/23/2025 02:29:30 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 3221225684A fatal error occurred processing the restoration data.


Windows Defender:
================
Date: 2025-05-24 18:18:30
Description:
Microsoft Defender Antivirus Überprüfung wurde vor Abschluss abgebrochen.
Überprüfungs-ID: {C1AF388C-0AFC-4985-8FFE-104B687B6C26}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Abbruchgrund: Die geplante Überprüfung wurde übersprungen, da die letzte erfolgreiche Überprüfung innerhalb der letzten 7 Tage

Date: 2025-05-17 14:17:13
Description:
Microsoft Defender Antivirus Überprüfung wurde vor Abschluss abgebrochen.
Überprüfungs-ID: {701255D6-62AC-4CF7-B429-29A238CBD78B}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Quick Scan
Benutzer: NT-AUTORITÄT\SYSTEM
Abbruchgrund: %12

Date: 2025-05-14 23:26:06
Description:
Microsoft Defender Antivirus Überprüfung wurde vor Abschluss abgebrochen.
Überprüfungs-ID: {4E696057-9792-4009-8C40-DC980A396FED}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Full Scan
Benutzer: EMQI-LivingPics\emqi-
Abbruchgrund: %12

Date: 2025-05-12 17:41:30
Description:
Microsoft Defender Antivirus Überprüfung wurde vor Abschluss abgebrochen.
Überprüfungs-ID: {D0D60AFB-DE2B-40D0-8488-0CA95AA2F517}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Quick Scan
Benutzer: NT-AUTORITÄT\SYSTEM
Abbruchgrund: %12

Date: 2025-05-11 15:47:58
Description:
Microsoft Defender Antivirus Überprüfung wurde vor Abschluss abgebrochen.
Überprüfungs-ID: {38C80682-0C01-4FFA-B2A8-68969D294437}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Quick Scan
Benutzer: NT-AUTORITÄT\SYSTEM
Abbruchgrund: %12
Event[0]

Date: 2025-05-22 14:41:34
Description:
Microsoft Defender Antivirus konnte Microsoft Defender Antivirus (Offlineüberprüfung) nicht herunterladen und konfigurieren.
Fehlercode: 0x80070032
Fehlerbeschreibung: Die Anforderung wird nicht unterstützt. 

Date: 2025-05-18 22:14:01
Description:
Microsoft Defender Antivirus konnte Microsoft Defender Antivirus (Offlineüberprüfung) nicht herunterladen und konfigurieren.
Fehlercode: 0x80070032
Fehlerbeschreibung: Die Anforderung wird nicht unterstützt. 

Date: 2025-05-16 13:29:15
Description:
Microsoft Defender Antivirus konnte Microsoft Defender Antivirus (Offlineüberprüfung) nicht herunterladen und konfigurieren.
Fehlercode: 0x80070032
Fehlerbeschreibung: Die Anforderung wird nicht unterstützt. 

Date: 2025-05-16 13:14:25
Description:
Microsoft Defender Antivirus konnte Microsoft Defender Antivirus (Offlineüberprüfung) nicht herunterladen und konfigurieren.
Fehlercode: 0x80070032
Fehlerbeschreibung: Die Anforderung wird nicht unterstützt. 

Date: 2025-05-16 13:14:01
Description:
Microsoft Defender Antivirus konnte Microsoft Defender Antivirus (Offlineüberprüfung) nicht herunterladen und konfigurieren.
Fehlercode: 0x80070032
Fehlerbeschreibung: Die Anforderung wird nicht unterstützt. 

CodeIntegrity:
===============
Date: 2025-05-16 10:15:11
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.24.8.36\symamsi.dll that did not meet the Windows signing level requirements.

Date: 2025-05-16 10:15:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.24.8.36\symamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

BIOS: American Megatrends International, LLC. 1.I0 12/27/2024
Hauptplatine: Micro-Star International Co., Ltd. PRO B650-S WIFI (MS-7E26)
Prozessor: AMD Ryzen 5 7500F 6-Core Processor
Prozentuale Nutzung des RAM: 43%
Installierter physikalischer RAM: 32361.99 MB
Verfügbarer physikalischer RAM: 18354.81 MB
Summe virtueller Speicher: 35305.99 MB
Verfügbarer virtueller Speicher: 16736.89 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:930.52 GB) (Free:757.81 GB) (Model: KINGSTON SNV2S1000G) NTFS
Drive d: (Volume) (Fixed) (Total:1863 GB) (Free:617.82 GB) (Model: WD_BLACK SN770 2TB) NTFS

\\?\Volume{65a0ed77-80f7-45f3-b738-502983e78c35}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.46 GB) NTFS
\\?\Volume{a06396d4-135d-4615-a166-2d7a28f83397}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BF8DF24A)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt =======================


M-K-D-B 26.05.2025 20:20

Please run a special search with FRST.

Special search
  • Start FRST again. Copy the contents of the following code box into the search field at the top:
    Code:

    SearchAll: Avira
  • Click the Datei-Suche (Search Files) button.
  • FRST starts the search. This can take some time, so please be patient!
  • When it finishes, a text file named Search.txt is created.
  • Post its contents in your next reply.

Bernd Brot 27.05.2025 06:57

That went pretty quickly:
Part 1

Code:

Farbar Recovery Scan Tool (x64) Version: 22-05-2025
durchgeführt von emqi- (27-05-2025 07:43:01)
Gestartet von C:\Users\emqi-\Downloads
Start-Modus: Normal

================== Datei-Suche: "SearchAll: Avira" =============

Datei:
========
C:\Windows\SystemTemp\Avira_Spotlight_Bootstrapper_2025-05-15_06-32-44.log
[2025-05-15 06:32][2025-05-15 06:32] 000009223 _____ () 132FBF5C4A52698A959F2045DE7FD850 [Datei ist nicht signiert]

C:\Windows\SystemTemp\Avira_Spotlight_Bootstrapper_2025-05-15_16-27-00.log
[2025-05-15 16:27][2025-05-15 16:27] 000011205 _____ () 3DCB377A27043A26DF1FF2E3EA78C29B [Datei ist nicht signiert]

C:\Windows\SystemTemp\Avira_Spotlight_Bootstrapper_2025-05-16_09-47-11.log
[2025-05-16 09:47][2025-05-16 09:47] 000009223 _____ () D404494322C413CC2021942F3056DEF4 [Datei ist nicht signiert]

C:\Windows\Prefetch\AVIRA.SPOTLIGHT.BOOTSTRAPPER.-4A5AABF5.pf
[2025-05-14 23:38][2025-05-14 23:38] 000050577 _____ () B2775F81389A1F47DBD3064CAEB7E5FB [Datei ist nicht signiert]

C:\Windows\Prefetch\AVIRA.SPOTLIGHT.BOOTSTRAPPER.-7AEF070C.pf
[2025-05-16 09:53][2025-05-16 09:53] 000042929 _____ () 8B61F8EDB5716DC5DE709ED442272AAE [Datei ist nicht signiert]

C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.ADMINISTRA-80E1237E.pf
[2025-05-16 09:53][2025-05-16 09:53] 000046134 _____ () 3C184F95ACC7B2ECDDE7D885C6DDDE56 [Datei ist nicht signiert]

C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.APPLICATIO-17D20DBA.pf
[2025-05-15 06:37][2025-05-15 06:38] 000055674 _____ () 077AC4AFAB05F6E614FF1EE329F51821 [Datei ist nicht signiert]

C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.APPLICATIO-8506823E.pf
[2025-05-15 17:24][2025-05-15 17:24] 000049482 _____ () E0E5278B2123731CB0EF919E2B4F816F [Datei ist nicht signiert]

C:\Windows\Prefetch\AVIRA_OPTIMIZER_HOST.TMP-6E50DB22.pf
[2025-05-14 23:39][2025-05-14 23:39] 000015992 _____ () 7BEE6F998A3F58EBBD895E9ED360A601 [Datei ist nicht signiert]

C:\Windows\Prefetch\AVIRA_SPOTLIGHT_SETUP_PAVWWS.-8DBC0226.pf
[2025-05-14 23:39][2025-05-14 23:39] 000033687 _____ () C6BBAFD9699513EE3BED945C0A5EFF61 [Datei ist nicht signiert]

C:\Windows\Prefetch\AVIRA_SYSTEM_SPEEDUP.TMP-40918EEC.pf
[2025-05-14 23:39][2025-05-14 23:39] 000039680 _____ () B540899E908F10D5D884E71D5264FA5C [Datei ist nicht signiert]

C:\Users\emqi-\Pictures\Screenshots\Screenshot 2025-05-25 Avira Fallback lösch194656.png
[2025-05-25 19:46][2025-05-25 19:46] 000012727 _____ () AD61462B312C105E115D47DE5B95D33F [Datei ist nicht signiert]

C:\Users\emqi-\AppData\Roaming\Microsoft\Windows\Recent\Screenshot 2025-05-25 Avira Fallback lösch194656.lnk
[2025-05-25 19:48][2025-05-25 19:50] 000000995 _____ () 61BB6A5FCC434E43CFD4C9411D4099DC [Datei ist nicht signiert]


Ordner:
========

Registry:
========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.UI.Application.Messaging.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributes"="{
  "Version": 311,
  "SchemaVersion": 1,
  "PartA": [
    "App",
    "AppVer",
    "AttrDataVer"
  ],
  "Default": [
    "DeviceFamily",
    "f:FlightRing",
    "t:OSVersionFull"
  ],
  "PartB": {
    "ACSOVERRIDE": [
      "OSArchitecture",
      "c:IsAlwaysOnAlwaysConnectedCapable"
    ],
    "APPTARGETEDFEATUREDB": [
      "c:FlightingBranchName",
      "f:FlightRing",
      "t:OSVersionFull",
      "DeviceFamily"
    ],
    "CASSCLIENT": [
      "OSVersion",
      "c:OSEdition",
      "f:FlightRing",
      "c:OSUILocale",
      "f:FlightingBranchName",
      "r:OEMMode"
    ],
    "CDM": [
      "ChassisTypeId",
      "r:CurrentBranch",
      "DeviceFamily",
      "f:FlightingBranchName",
      "f:FlightRing",
      "c:InstallLanguage",
      "c:IsDomainJoined",
      "t:IsTestLab",
      "OEMModel",
      "OSArchitecture",
      "OSVersion",
      "t:OSSkuId",
      "c:ProcessorIdentifier",
      "c:TelemetryLevel",
      "t:IsMsftOwned",
      "t:WCOSProductId",
      "c:OSUILocale",
      "c:CommercialId",
      "c:ActivationChannel",
      "c:SCCMClientId",
      "c:IsCloudDomainJoined",
      "r:WebExperience",
      "FX_FlightIds",
      "AccountFirstChar",
      "r:WSX_Windows_Settings_Account",
      "r:InstallDate",
      "r:WSX_Runtime",
      "r:DefaultUserRegion",
      "a:GatedFeature_NI22H2",
      "r:WSX_Windows_Shell_Start",
      "a:GatedFeature_CU23H2",
      "r:ExpStates",
      "MX_FlightIds",
      "r:CIOptin",
      "c:ProcessorCores",
      "c:TotalPhysicalRAM",
      "r:TestRN",
      "u:UpdateServiceUrl",
      "u:WUfBClientManaged",
      "r:UUSVersion",
      "DL_OSVersion",
      "r:ExpPkgs",
      "u:AllowOptionalContent",
      "n:IsMicrosoftAAD",
      "q:WidgetsAppVer",
      "c:IsDeviceRetailDemo",
      "r:IsFSOverlay",
      "a:SdbVer_NI22H2",
      "r:EdgeStableVersion",
      "r:Migrated_GatedFeature_NI22H2Setup",
      "a:SdbVer_21H2",
      "a:GatedFeature_21H2",
      "CX_FlightIds",
      "r:UtcDataHandlingPolicies",
      "v:SkypeRoomSystem",
      "r:BypassNRO",
      "c:IsVirtualDevice",
      "s:IsA9CapablePC",
      "a:SdbVer_GE24H2",
      "r:AgileBits1PasswordPluginAuthenticator"
    ],
    "CDM_OS": [
      "+CDM",
      "c:FlightIds"
    ],
    "COMPATLOGGER": [
      "osVer",
      "ring",
      "deviceId"
    ],
    "CONTENT_DELIVERY_MANAGER": [
      "c:OSEdition",
      "t:OSSkuId",
      "c:OSUILocale",
      "a:UpgEx_CO21H2",
      "a:GStatus_CO21H2",
      "a:DataExpDateEpoch_CO21H2",
      "a:TimestampEpochString_CO21H2",
      "r:AndroidUserOptinValue",
      "f:FlightingBranchName",
      "f:FlightRing",
      "r:CurrentBranch",
      "procm",
      "r:NPUEnabledDevice",
      "MX_FlightIds",
      "r:KnownFoldersBackupStatus",
      "c:IsDomainJoined",
      "iepe",
      "iste",
      "drgng",
      "r:WindowsAccountSyncConsentState",
      "r:WindowsAccountSyncConsentApplicable",
      "r:WindowsAccountSyncConsentPromptAllowed",
      "aipc",
      "ram",
      "prccn",
      "prccs",
      "prcmf",
      "ccr",
      "devfm",
      "W10ESU"
    ],
    "CORTANA_GATEKEEPER": [
      "r:CurrentBranch",
      "f:FlightRing",
      "f:IsRetailOS"
    ],
    "CORTANAUWP": [
      "c:OSUILocale",
      "t:OSVersionFull",
      "v:CortanaAppVer",
      "r:TestAllowedIDFlags"
    ],
    "CORTANAUWPTEST": [
      "+CORTANAUWP",
      "v:CortanaAppVerTest"
    ],
    "CTAC": [
      "+FSS",
      "r:FIDTSRan"
    ],
    "DBUPDATE": [
      "c:FirmwareVersion",
      "c:OEMModelBaseBoard",
      "OSArchitecture",
      "c:FirmwareManufacturer",
      "c:OEMModelNumber",
      "r:BaseBoardManufacturer",
      "c:OEMModelSKU",
      "c:OEMManufacturerName",
      "c:OEMName",
      "c:OEMModelBaseBoardVersion",
      "c:OEMModelSystemFamily",
      "c:OEMModelSystemVersion",
      "c:FirmwareReleaseDate"
    ],
    "DDC": [
      "+WU_STORE",
      "+_WU_PTI"
    ],
    "DXDB": [
      "DeviceFamily",
      "f:FlightRing",
      "r:IsHybridOrXGpu",
      "t:OSVersionFull",
      "OSVersion"
    ],
    "EDGE_SERVICEUI": [
      "t:LocalDeviceID",
      "t:LocalUserID"
    ],
    "FCON": [
      "+CDM"
    ],
    "FSS": [
      "r:PreviewBuildsManagerEnabled",
      "f:BranchReadinessLevelRaw",
      "u:BranchReadinessLevelSource",
      "r:BuildFID",
      "t:DeviceFamily",
      "DeviceId",
      "c:EnablePreviewBuilds",
      "f:FlightingPolicyValue",
      "f:IsRetailOS",
      "f:ManagePreviewBuilds",
      "OSVersionFull",
      "t:WCOSProductId",
      "r:SmartActiveHoursState",
      "r:ActiveHoursStart",
      "r:ActiveHoursEnd",
      "r:IsCHCapableBuild",
      "r:FSRing",
      "s:MaxShellVersion",
      "s:MinShellVersion",
      "c:TPMVersion",
      "c:SecureBootCapable",
      "c:ProcessorClockSpeed",
      "c:ProcessorCores",
      "c:TotalPhysicalRAM",
      "t:SMode",
      "c:SystemVolumeTotalCapacity",
      "c:OEMManufacturerName",
      "c:OEMModelNumber",
      "a:ISVM",
      "r:AllowUpgradesWithUnsupportedTPMOrCPU",
      "r:IntelPlatformId",
      "r:IsConfigMgrEnabled",
      "f:IsFlightingEnabled",
      "r:DeviceInfoGatherSuccessful",
      "c:IsVirtualDevice",
      "r:OemPartnerRing",
      "c:FlightingBranchName",
      "a:UpgEx_CO21H2",
      "a:UpgEx_NI22H2",
      "a:UpgEx_GE24H2",
      "sku",
      "r:AADTenantId",
      "r:FIDTSRan"
    ],
    "FXIRISCLIENT": [
      "+IRISCLIENT"
    ],
    "GS": [
      "t:OSSkuId",
      "t:OSVersionFull",
      "r:CurrentBranch",
      "r:DefaultUserRegion",
      "DeviceFamily",
      "c:FlightIds",
      "f:FlightingBranchName",
      "f:FlightRing",
      "c:IsCloudDomainJoined",
      "t:IsMsftOwned",
      "f:IsRetailOS",
      "c:OSUILocale",
      "c:IsDomainJoined"
    ],
    "IDSPCA": [
      "f:FlightRing",
      "f:IsFlightingEnabled",
      "f:FlightingBranchName",
      "f:IsRetailOS",
      "c:OSEdition",
      "c:IsDomainJoined",
      "c:OSUILocale",
      "n:IsMicrosoftAAD",
      "r:CurrentBranch",
      "t:IsMsftOwned",
      "t:IsTestLab",
      "t:DeviceFamily",
      "t:LocalDeviceID",
      "t:OSSkuId",
      "t:OSVersionFull",
      "IsVM",
      "OEMModel",
      "OSVersion",
      "r:EnableCloudManagedIDS",
      "c:AADDeviceId"
    ],
    "IRISCLIENT": [
      "+IRISCLIENTBASE",
      "c:FlightIds"
    ],
    "IRISCLIENTBASE": [
      "DeviceFamily",
      "OSVersion",
      "t:OSSkuId",
      "OSArchitecture",
      "c:TelemetryLevel",
      "f:FlightRing",
      "f:FlightingBranchName",
      "OEMModel",
      "c:OSUILocale",
      "c:OSEdition",
      "r:CurrentBranch",
      "t:WCOSProductId",
      "c:InstallationType",
      "r:InstallDate",
      "c:IsDeviceRetailDemo",
      "f:IsRetailOS",
      "prccs",
      "prccn",
      "prcmf",
      "ram",
      "c:D3DMaxFeatureLevel",
      "c:IsAlwaysOnAlwaysConnectedCapable",
      "t:SMode",
      "t:LocalUserID",
      "r:AndroidUserOptinValue",
      "procm",
      "MX_FlightIds",
      "a:UpgEx_CO21H2",
      "r:KnownFoldersBackupStatus",
      "c:OEMModelSystemFamily",
      "OEMName_Uncleaned",
      "r:IsSpotlightEnabledInOEMTheme",
      "r:IsSpotlightThemeEnabledByOEM",
      "r:WindowsAccountSyncConsentApplicable",
      "r:WindowsAccountSyncConsentState",
      "r:WindowsAccountSyncConsentPromptAllowed",
      "iepe",
      "iste",
      "drgng",
      "aipc",
      "oemname",
      "smbiosdm",
      "ccr",
      "devfm",
      "W10ESU",
      "c:IsCloudDomainJoined"
    ],
    "IRISCLIENTV2": [
      "+IRISCLIENTBASE",
      "IX_FlightIds"
    ],
    "MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE": [
      "t:OSVersionFull",
      "t:IsTestLab",
      "f:FlightRing"
    ],
    "MITIGATION": [
      "t:DeviceFamily",
      "f:FlightRing",
      "c:IsDomainJoined",
      "t:IsMsftOwned",
      "f:IsRetailOS",
      "t:IsTestLab",
      "IsVM",
      "OEMModel",
      "c:OSEdition",
      "t:OSSkuId",
      "t:OSVersionFull",
      "c:OSUILocale",
      "t:SMode",
      "f:IsFlightingEnabled",
      "c:FirmwareVersion",
      "c:TelemetryLevel",
      "f:FlightingBranchName",
      "r:CurrentBranch",
      "OSVersion",
      "w:FirstStorageSpaceDeviceId",
      "r:IsCldFltSyncRoots",
      "c:OSInstallType",
      "v:IsNotepadExePresent",
      "r:StrictHiveSecurityReg",
      "a:GatedBlockId_21H1",
      "r:UpdateOfferedDays",
      "r:UsoScanMitigation",
      "r:GamingServicesInstalledKey",
      "v:FileExistsMscoreeDll",
      "w:NetFx3State",
      "r:WCFHTTPActivationNotificationState",
      "w:WCFHTTPActivationState",
      "r:WCFNonHTTPActivationNotificationState",
      "w:WCFNonHTTPActivationState",
      "r:DotNetMissingComponentsTroubleshooterSuccess",
      "r:IIS_ASPNET",
      "w:IIS_ASPNET_WMI",
      "r:IIS_NetFxExtensibility",
      "w:IIS_NetFxExtensibility_WMI",
      "r:WAS_NetFxEnvironment",
      "w:WAS_NetFxEnvironment_WMI",
      "v:XamlCbsActivationStore",
      "v:XamlCbsActivationStoreArm64",
      "v:OnnxruntimeVer",
      "w:ElanFingerprintDriverVersion",
      "r:AADBrokerPluginNotRegistered",
      "r:TenantId",
      "r:IppPrinterBadDefaultPdc",
      "r:FlightingOptOutState",
      "r:CloudFilesFilter",
      "r:PSAKyoceraMissingDEH",
      "r:PSATATriumphMissingDEH",
      "r:PSAXeroxMissingDEH",
      "w:PSAKyoceraInstalledName",
      "w:PSATATriumphInstalledName",
      "w:XeroxPsaInstalledName",
      "v:DmdHpControlPackageEnUs",
      "v:DmdHpControlPackageMultiloc",
      "v:DmdHpControlPackageTr",
      "v:WASDK_1_2_ARM",
      "v:WASDK_1_2_ARM64",
      "v:WASDK_1_2_DLL",
      "v:WASDK_1_2_X86",
      "r:FIDTSRan"
    ],
    "MLMOD": [
      "ChassisTypeId",
      "t:DeviceFamily",
      "f:FlightingBranchName",
      "f:FlightRing",
      "f:IsRetailOS",
      "t:OSSkuId",
      "t:OSVersionFull",
      "c:OSUILocale",
      "OSVersion",
      "c:TelemetryLevel",
      "r:CurrentBranch",
      "t:IsTestLab",
      "c:PrimaryDiskType",
      "FX_FlightIds"
    ],
    "MTP": [
      "+_WU_OS_CORE"
    ],
    "MUSE": [
      "+_WU_FB",
      "ChassisTypeId",
      "deviceClass",
      "deviceId",
      "c:FlightIds",
      "locale",
      "ms",
      "os",
      "osVer",
      "ring",
      "sampleId",
      "sku",
      "r:DaysSince19H1FUOffer",
      "u:DisableDualScan",
      "u:UpdateServiceUrl",
      "c:CommercialId",
      "f:FlightingBranchName",
      "c:SystemVolumeTotalCapacity",
      "c:IsAlwaysOnAlwaysConnectedCapable",
      "c:ProcessorCores",
      "c:PrimaryDiskType",
      "c:TotalPhysicalRAM",
      "c:ProcessorClockSpeed",
      "c:ProcessorIdentifier",
      "c:ProcessorModel",
      "c:ActivationChannel",
      "c:IsCloudDomainJoined",
      "c:isCommercial",
      "c:IsDomainJoined",
      "c:IsMDMEnrolled",
      "c:SCCMClientID",
      "r:OEMSubModel",
      "c:OEMModelNumber",
      "c:OEMManufacturerName",
      "r:OobeSeeker",
      "r:DefaultUserRegion",
      "c:DeviceForm"
    ],
    "NARRATORNNV": [
      "+WU_STORE"
    ],
    "NOISYHAMMER": [
      "+WU_OS"
    ],
    "OPENWITH": [
      "c:OSUILocale"
    ],
    "PHS": [
      "r:GridZoneName",
      "OEMModel",
      "c:OEMManufacturerName",
      "c:OSUILocale",
      "r:OEMSubModel",
      "DeviceFamily"
    ],
    "RULESENGINE": [
      "c:OSEdition",
      "t:OSSkuId",
      "c:OSUILocale",
      "a:UpgEx_CO21H2",
      "a:GStatus_CO21H2",
      "a:DataExpDateEpoch_CO21H2",
      "a:TimestampEpochString_CO21H2",
      "r:AndroidUserOptinValue",
      "f:FlightingBranchName",
      "f:FlightRing",
      "r:CurrentBranch",
      "c:ProcessorModel",
      "r:NPUEnabledDevice",
      "MX_FlightIds",
      "r:KnownFoldersBackupStatus",
      "c:IsDomainJoined",
      "r:WindowsAccountSyncConsentApplicable",
      "r:WindowsAccountSyncConsentState",
      "r:WindowsAccountSyncConsentPromptAllowed",
      "c:FlightIds",
      "c:isCommercial",
      "c:CommercialId",
      "c:SCCMClientID"
    ],
    "RUXIM": [
      "c:ActivationChannel",
      "f:FlightRing",
      "r:InstallDate",
      "f:IsFlightingEnabled",
      "a:ISVM",
      "OEMModel",
      "OSArchitecture",
      "t:OSSkuId",
      "c:SCCMClientID",
      "r:SetupDisplayedEulaVersion",
      "r:KioskMode",
      "r:OobeSeeker",
      "r:UninstallActive",
      "c:OEMManufacturerName",
      "r:OEMSubModel",
      "c:OSUILocale",
      "f:FlightingBranchName"
    ],
    "SEDIMENTPACK": [
      "+WU_OS"
    ],
    "SERVICEEXPERIENCES": [
      "f:FlightingBranchName",
      "f:FlightRing",
      "s:MaxShellVersion",
      "s:MinShellVersion",
      "t:IsTestLab",
      "c:TelemetryLevel",
      "t:OSSkuId",
      "r:CurrentBranch",
      "OSVersion",
      "DeviceFamily",
      "r:WSX_Windows_Settings_Account",
      "c:FlightIds",
      "r:WSX_Runtime",
      "r:WSX_Windows_Shell_Start",
      "r:WSX_Windows_AppSample",
      "r:WSX_Windows_AccountControl"
    ],
    "SERVICING_CBS": [
      "+WU",
      "osVer"
    ],
    "SETUP360": [
      "t:OSSkuId",
      "f:FlightRing"
    ],
    "SMARTOPTOUT": [
      "+CDM"
    ],
    "STORAGEGROVELER": [
      "a:Free",
      "c:TelemetryLevel",
      "f:FlightRing",
      "f:IsFlightingEnabled",
      "IsVM",
      "t:OSVersionFull"
    ],
    "UCPD": [
      "c:OSUILocale",
      "c:IsDomainJoined",
      "v:UCPDVer",
      "c:IsCloudDomainJoined",
      "t:OSSkuId",
      "c:isCommercial"
    ],
    "UNEXPECTEDCODEPATHLOGGING": [
      "+UTC_STATIC",
      "t:LocalDeviceID",
      "OSVersionFull",
      "OEMModel",
      "OEMName_Uncleaned"
    ],
    "UTC": [
      "+UTC_STATIC",
      "osVer",
      "locale",
      "ring",
      "f:PilotRing",
      "f:IsRetailOS",
      "ms",
      "expId",
      "t:SMode",
      "f:FlightingBranchName",
      "c:CommercialId",
      "r:IsFeedbackHubSelfhost",
      "c:AzureVMType",
      "t:IsTestLab",
      "c:TelemetryLevel",
      "c:IsVirtualDevice",
      "r:IsProcessorMode",
      "r:UtcDataHandlingPolicies",
      "s:IsA9CapablePC"
    ],
    "UTC_STATIC": [
      "os",
      "deviceId",
      "sampleId",
      "deviceClass",
      "sku",
      "OEMModel",
      "OEMName_Uncleaned",
      "c:PrimaryDiskType",
      "c:ProcessorModel",
      "c:TotalPhysicalRAM"
    ],
    "UUS": [
      "OSVersion",
      "f:FlightRing",
      "t:IsTestLab",
      "t:OSVersionFull",
      "f:FlightingBranchName",
      "r:CurrentBranch",
      "f:IsFlightingEnabled"
    ],
    "WAASASSESSMENT": [
      "+WU_OS"
    ],
    "WAASMEDIC": [
      "os",
      "osVer",
      "ring",
      "deviceClass",
      "deviceId",
      "locale",
      "sku",
      "c:ActivationChannel",
      "c:CommercialId",
      "r:CurrentBranch",
      "f:FlightingBranchName",
      "c:IsCloudDomainJoined",
      "c:IsDomainJoined",
      "t:IsTestLab",
      "OSVersion",
      "c:SCCMClientID",
      "c:TelemetryLevel",
      "r:FlightingOptOutState"
    ],
    "WOSC": [
      "t:DeviceFamily",
      "f:FlightRing",
      "f:IsFlightingEnabled",
      "t:IsMsftOwned",
      "t:LocalDeviceID",
      "t:OSSkuId",
      "c:OSUILocale",
      "t:OSVersionFull",
      "c:TelemetryLevel",
      "r:IsHybridOrXGpu",
      "r:PlayFabPartyRelay",
      "OSVersion",
      "n:IsMicrosoftAAD",
      "r:WOSCEndpointsSupported",
      "r:FIDTSRan"
    ],
    "WPSHIFT": [
      "+MTP"
    ],
    "WU": [
      "+WU_OS",
      "r:DUInternal"
    ],
    "_WU_AV": [
      "r:AvastReg",
      "r:AvastBlackScreen",
      "v:AvastVer",
      "r:AvgReg",
      "v:AvgVer",
      "r:EsetReg",
      "v:EsetVer",
      "r:KasperskyReg",
      "v:KasperskyVer",
      "v:SymantecVer",
      "r:TencentReg",
      "r:TencentType",
      "r:AhnlabInstalledKey",
      "r:AvastInstalledKey",
      "r:AVGInstalledKey",
      "r:AviraInstalledKey",
      "r:BullguardInstalledKey",
      "r:ESETInstalledKey",
      "r:ESTSecurityInstalledKey",
      "r:FSecureInstalledKey",
      "v:GDataInstalledVer",
      "r:K7InstalledKey",
      "r:KasperskyInstalledKey",
      "r:KingsoftInstalledKey",
      "r:LenovoInstalledKey",
      "r:MalwarebytesInstalledKey",
      "r:McAfeeInstalledKey",
      "r:PandaInstalledKey",
      "r:QuickhealInstalledKey1",
      "r:SophosInstalledKey1",
      "r:SymantecInstalledKey",
      "r:TencentInstalledKey",
      "r:ThreatTrackInstalledKey",
      "r:TrendInstalledKey",
      "r:WebrootInstalledKey",
      "v:K7InstalledVer"
    ],
    "_WU_COMMON": [
      "r:CurrentBranch",
      "r:DefaultUserRegion",
      "DeviceFamily",
      "r:DriverPartnerRing",
      "r:FlightContent",
      "f:FlightingBranchName",
      "f:FlightRing",
      "HoloLens",
      "c:InstallationType",
      "c:InstallLanguage",
      "f:IsFlightingEnabled",
      "r:IsFlightingEnabled",
      "c:MobileOperatorCommercialized",
      "OEMModel",
      "OEMName_Uncleaned",
      "r:OemPartnerRing",
      "OSArchitecture",
      "OSVersion",
      "t:OSSkuId",
      "c:OSUILocale",
      "c:ProcessorManufacturer",
      "r:ReleaseType",
      "v:SkypeRoomSystem",
      "t:SMode",
      "c:TelemetryLevel",
      "r:WindowsMixedReality",
      "v:WuClientVer",
      "p:DucPublisherId",
      "p:DucDeviceModelId",
      "p:DucOemPartnerRing",
      "p:DucCustomPackageId",
      "p:DesiredOsVersion",
      "p:DesiredSystemManifestVersion",
      "r:TenantId"
    ],
    "_WU_FB": [
      "u:BranchReadinessLevel",
      "u:DeferQualityUpdatePeriodInDays",
      "u:DeferFeatureUpdatePeriodInDays",
      "r:PausedFeatureStatus",
      "r:PausedQualityStatus",
      "u:TargetReleaseVersion",
      "r:QUDeadline",
      "r:UpdatePreference",
      "r:UpdateOfferedDays",
      "u:TargetProductVersion",
      "DSS_Enrolled",
      "r:NonSecurityUpdate",
      "u:AdminOptedIntoRebootlessUpdates"
    ],
    "WU_OS": [
      "+_WU_OS_CORE",
      "+_WU_FB"
    ],
    "_WU_OS_CORE": [
      "+_WU_COMMON",
      "+_WU_AV",
      "r:AhnLabKeyboard",
      "a:Bios",
      "r:BlockFeatureUpdates",
      "c:CommercialId",
      "a:DataVer_RS5",
      "r:DisconnectedStandby",
      "r:DchuNvidiaGrfxExists",
      "r:DchuNvidiaGrfxVen",
      "r:DchuIntelGrfxExists",
      "r:DchuIntelGrfxVen",
      "r:DchuAmdGrfxExists",
      "r:DchuAmdGrfxVen",
      "c:FirmwareVersion",
      "a:Free",
      "a:GStatus_RS3",
      "a:GStatus_RS4",
      "a:GStatus_RS5",
      "r:HidOverGattReg",
      "r:InstallDate",
      "c:IsDeviceRetailDemo",
      "c:IsPortableOperatingSystem",
      "IsVM",
      "c:OEMModelBaseBoard",
      "r:OobeSeeker",
      "r:OSRollbackBuild",
      "r:OSRollbackCount",
      "r:OSRollbackDate",
      "PhoneTargetingName",
      "r:PonchAllow",
      "r:PonchBlock",
      "c:ProcessorIdentifier",
      "r:RecoveredFromBuild",
      "r:RecoveredOnDate",
      "r:Steam",
      "v:TobiiVer",
      "v:TrendMicroVer",
      "r:UninstallActive",
      "l:UpdateManagementGroup",
      "a:UpgEx_RS3",
      "a:UpgEx_RS4",
      "a:UpgEx_RS5",
      "a:Version_RS5",
      "r:DisableWUfBOfferBlock",
      "a:UpgEx_19H1",
      "a:SdbVer_19H1",
      "a:GStatus_19H1",
      "a:GStatus_19H1Setup",
      "a:TimestampEpochString_19H1Setup",
      "a:GenTelRunTimestamp_19H1",
      "a:DataExpDateEpoch_19H1",
      "u:EnableWUfBUpgradeGates",
      "r:GStatusBlockIDs_All",
      "TimestampDelta_19H1Subtract19H1Setup",
      "DataExpDateDelta_19H1Subtract19H1Setup",
      "a:DataExpDateEpoch_19H1Setup",
      "a:TimestampEpochString_19H1",
      "r:IsContainerMgrInstalled",
      "r:IsWDAGEnabled",
      "r:MTPTargetingInfo",
      "r:EKB19H2InstallCount",
      "r:EKB19H2UnInstallCount",
      "r:EKB19H2InstallTimeEpoch",
      "r:EKB19H2UnInstallTimeEpoch",
      "r:BlockEdgeWithChromiumUpdate",
      "r:IsWDATPEnabled",
      "r:IsAutopilotRegistered",
      "r:EdgeWithChromiumInstallVersion",
      "r:EdgeWithChromiumInstallFailureCount",
      "r:IsEdgeWithChromiumInstalled",
      "r:KioskMode",
      "c:IsCloudDomainJoined",
      "c:IsDomainJoined",
      "a:DataExpDateEpoch_20H1",
      "a:DataExpDateEpoch_20H1Setup",
      "a:GStatus_20H1",
      "a:GStatus_20H1Setup",
      "a:SdbVer_20H1",
      "a:TimestampEpochString_20H1",
      "a:TimestampEpochString_20H1Setup",
      "DataExpDateDelta_20H1Subtract20H1Setup",
      "TimestampDelta_20H1Subtract20H1Setup",
      "a:UpgEx_20H1",
      "r:AutopilotUpdateInProgress",
      "r:UHSEnrolled",
      "r:HotPatchEKBInstalled",
      "r:LCUVer",
      "c:isCommercial",
      "c:ActivationChannel",
      "c:IsMDMEnrolled",
      "c:SCCMClientID",
      "r:ChinaTypeApproval_CTA",
      "p:DesiredOcpVersion",
      "r:UpgradeEligible",
      "r:AllowInPlaceUpgrade",
      "r:SH_SIPolicyCleanup",
      "r:FeatureUpdateDeadline",
      "a:DataExpDateEpoch_21H1",
      "a:UpgEx_CO21H2",
      "a:GStatus_21H1",
      "DataExpDateDelta_21H1Subtract20H1Setup",
      "TimestampDelta_21H1Subtract20H1Setup",
      "a:TimestampEpochString_21H1",
      "r:OEMSubModel",
      "c:ProcessorModel",
      "c:TPMVersion",
      "r:StayOnWindows10Timestamp",
      "a:GStatus_CO21H2Setup",
      "TimestampDelta_CO21H2SubtractCO21H2Setup",
      "DataExpDateDelta_CO21H2SubtractCO21H2Setup",
      "a:TimestampEpochString_CO21H2Setup",
      "a:DataExpDateEpoch_CO21H2Setup",
      "a:TimestampEpochString_CO21H2",
      "a:DataExpDateEpoch_CO21H2",
      "a:GStatus_CO21H2",
      "p:SetPolicyDrivenUpdateSourceForFeatureUpdates",
      "r:DchuNvidiaGrfxVenTest",
      "a:DataExpDateDelta_21H2Subtract20H1Setup",
      "a:TimestampEpochString_21H2",
      "a:TimestampDelta_21H2Subtract20H1Setup",
      "a:GStatus_21H2",
      "a:DataExpDateEpoch_21H2",
      "r:DSS_Enrolled_DF",
      "r:UpgradeAccepted",
      "r:SetupDisplayedEulaVersion",
      "c:ProcessorCores",
      "c:ProcessorClockSpeed",
      "c:TotalPhysicalRAM",
      "c:SecureBootCapable",
      "c:PrimaryDiskTotalCapacity",
      "r:BitDefenderInstalledKey",
      "r:BroadcomInstalledKey",
      "v:CrowdStrikeInstalledVer",
      "r:QihooInstalledKey",
      "r:Win11UpgradeAcceptedTimestamp",
      "a:UpgEx_NI22H2",
      "r:OobeNdupAcceptedTarget",
      "r:OobeNdupFU22621CommitChoice",
      "a:DataExpDateEpoch_NI22H2",
      "a:GStatus_NI22H2",
      "a:GStatus_NI22H2Setup",
      "a:TimestampEpochString_NI22H2Setup",
      "TimestampDelta_NI22H2SubtractNI22H2Setup",
      "DataExpDateDelta_NI22H2SubtractNI22H2Setup",
      "a:DataExpDateEpoch_NI22H2Setup",
      "a:TimestampEpochString_NI22H2",
      "r:IsVbsEnabled",
      "r:FODRetryPending",
      "r:UserInPlaceUpgrade",
      "v:HidparseDriversVer",
      "v:HidparseSystem32Ver",
      "v:HidparseSystem32Ver1",
      "r:CIOptin",
      "r:FlightingOptOutState",
      "p:WSUSconfigured_csp",
      "a:UpgEx_NI22H2Setup",
      "a:UpgEx_CO21H2Setup",
      "u:WUfBClientManaged",
      "u:UpdateServiceUrl",
      "u:AllowOptionalContent",
      "FX_FlightIds",
      "DL_OSVersion",
      "r:ExpPkgs",
      "r:UUSVersion",
      "MX_FlightIds",
      "r:OobeNdupFUTarget",
      "a:GStatus_NI23H2",
      "a:DataExpDateEpoch_NI23H2",
      "a:TimestampEpochString_NI23H2",
      "DataExpDateDelta_NI23H2SubtractNI22H2Setup",
      "TimestampDelta_NI23H2SubtractNI22H2Setup",
      "r:LaunchUserOOBE",
      "r:RobloxPlayer",
      "r:RobloxStudio",
      "c:VBSState",
      "r:ARCHotpatchAttached_State",
      "r:MDEWSLPluginReleaseRing",
      "r:SystemGuard_Enabled",
      "u:AdminOptedIntoRebootlessUpdates",
      "r:LaunchOobeInEndUserSession",
      "r:MDE4WSLPluginReleaseRing",
      "r:AdminOptedIntoRebootlessUpdates_Server",
      "r:IsRemoteDesktopSessionHost",
      "a:UpgEx_GE24H2",
      "s:IsA9CapablePC",
      "a:UpgEx_GE24H2Setup",
      "r:ProductType",
      "a:DataExpDateEpoch_GE24H2",
      "DataExpDateDelta_GE24H2SubtractGE24H2Setup",
      "a:DataExpDateEpoch_GE24H2Setup",
      "a:GStatus_GE24H2",
      "a:GStatus_GE24H2Setup",
      "a:TimestampEpochString_GE24H2",
      "TimestampDelta_GE24H2SubtractGE24H2Setup",
      "a:TimestampEpochString_GE24H2Setup",
      "q:AIFabricCBSStableVer",
      "c:IsVirtualDevice",
      "a:SdbVer_GE24H2",
      "r:HotpatchError",
      "r:CHPE_Disabled",
      "r:MSRT_NO_AU",
      "r:ClientHash2",
      "r:NPU_DeviceId"
    ],
    "_WU_PTI": [
      "c:FrontFacingCameraResolution",
      "c:RearFacingCameraResolution",
      "c:TotalPhysicalRAM",
      "c:NFCProximity",
      "c:Magnetometer",
      "c:Gyroscope",
      "c:D3DMaxFeatureLevel",
      "c:InternalPrimaryDisplayResolutionHorizontal",
      "c:InternalPrimaryDisplayResolutionVetical"
    ],
    "WU_STORE": [
      "+_WU_COMMON",
      "r:AppChannels",
      "r:AppRMIDs",
      "u:BranchReadinessLevel"
    ]
  },
  "Required": [
    "App",
    "AppVer",
    "AttrDataVer"
  ],
  "Aliases": {
    "AccountFirstChar": "c:MSA_Accounts",
    "aipc": "s:IsA9CapablePC",
    "ccr": "r:ChargeCapacityRatio",
    "ChassisTypeId": "c:ChassisType",
    "CX_FlightIds": "c:CX_FlightIds",
    "DataExpDateDelta_19H1Subtract19H1Setup": "a:DataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup",
    "DataExpDateDelta_20H1Subtract20H1Setup": "a:DataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup",
    "DataExpDateDelta_21H1Subtract20H1Setup": "a:DataExpDateEpoch_21H1_Subtract_DataExpDateEpoch_20H1Setup",
    "DataExpDateDelta_CO21H2SubtractCO21H2Setup": "a:DataExpDateEpoch_CO21H2_Subtract_DataExpDateEpoch_CO21H2Setup",
    "DataExpDateDelta_GE24H2SubtractGE24H2Setup": "a:DataExpDateEpoch_GE24H2_Subtract_DataExpDateEpoch_GE24H2Setup",
    "DataExpDateDelta_NI22H2SubtractNI22H2Setup": "a:DataExpDateEpoch_NI22H2_Subtract_DataExpDateEpoch_NI22H2Setup",
    "DataExpDateDelta_NI23H2SubtractNI22H2Setup": "a:DataExpDateEpoch_NI23H2_Subtract_DataExpDateEpoch_NI22H2Setup",
    "devfm": "c:DeviceForm",
    "deviceClass": "DeviceFamily",
    "deviceId": "t:LocalDeviceID",
    "DeviceId": "t:LocalDeviceID",
    "DL_OSVersion2": "DL_OSVersion",
    "drgng": "r:DurableDeviceRegionGeo",
    "DSS_Enrolled": "r:DSS_Enrolled_State",
    "EdgeStableVersion": "r:EdgeStableVersion",
    "expId": "c:FlightIds",
    "FlightRing": "f:FlightRing",
    "FX_FlightIds": "c:FlightIds",
    "iepe": "g:IsCampaignEdgePromotionEnabled",
    "iste": "g:IsCampaignSegmentTargetingEnabled",
    "IsVM": "a:ISVM",
    "IX_FlightIds": "c:FlightIds",
    "locale": "c:OSUILocale",
    "ms": "t:IsMsftOwned",
    "MX_FlightIds": "c:FlightIds",
    "OEMModel": "c:OEMModelNumber",
    "oemname": "r:SystemManufacturer",
    "OEMName_Uncleaned": "c:OEMManufacturerName",
    "osVer": "t:OSVersionFull",
    "OSVersionFull": "t:OSVersionFull",
    "PhoneTargetingName": "c:OEMModelName",
    "prccn": "c:ProcessorCores",
    "prccs": "c:ProcessorClockSpeed",
    "prcmf": "c:ProcessorManufacturer",
    "procm": "c:ProcessorModel",
    "ram": "c:TotalPhysicalRAM",
    "ring": "f:FlightRing",
    "sampleId": "t:PopVal",
    "sku": "t:OSSkuId",
    "smbiosdm": "r:SystemProductName",
    "TimestampDelta_19H1Subtract19H1Setup": "a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup",
    "TimestampDelta_20H1Subtract20H1Setup": "a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup",
    "TimestampDelta_21H1Subtract20H1Setup": "a:TimestampEpochString_21H1_Subtract_TimestampEpochString_20H1Setup",
    "TimestampDelta_CO21H2SubtractCO21H2Setup": "a:TimestampEpochString_CO21H2_Subtract_TimestampEpochString_CO21H2Setup",
    "TimestampDelta_GE24H2SubtractGE24H2Setup": "a:TimestampEpochString_GE24H2_Subtract_TimestampEpochString_GE24H2Setup",
    "TimestampDelta_NI22H2SubtractNI22H2Setup": "a:TimestampEpochString_NI22H2_Subtract_TimestampEpochString_NI22H2Setup",
    "TimestampDelta_NI23H2SubtractNI22H2Setup": "a:TimestampEpochString_NI23H2_Subtract_TimestampEpochString_NI22H2Setup",
    "W10ESU": "r:Win10ConsumerESUStatus"
  },
  "Fallback": {
    "r:AhnlabInstalledKey": "r:AhnlabInstalledWowKey",
    "r:AvastBlackScreen": "r:AvgBlackScreen",
    "r:AvastInstalledKey": "r:AvastInstalledWowKey",
    "r:AVGInstalledKey": "r:AVGInstalledWowKey",
    "r:AviraInstalledKey": "r:AviraInstalledWowKey",
    "a:Bios": "a:Bios_RS3",
    "a:Bios_RS3": "a:Bios_RS4",
    "a:Bios_RS4": "a:Bios_RS5",
    "r:BlockFeatureUpdates": "r:BlockWUUpgrades",
    "r:BlockWUUpgrades": "r:BlockWUUpgradesWow",
    "r:BuildFID": "r:BuildFID_WCOS",
    "r:BuildFID_WCOS": "r:BuildFID_WCOS2",
    "r:BullguardInstalledKey": "v:BullguardInstalledVer",
    "a:DataExpDateEpoch_CO21H2": "r:DataExpDateEpoch_CO21H2RegFb",
    "r:DchuAmdGrfxVen": "r:DchuAmdGrfxVen2",
    "r:DchuAmdGrfxVen2": "r:DchuAmdGrfxDeletePending",
    "r:DchuIntelGrfxDeletePending": "r:DchuIntelGrfxNExists",
    "r:DchuIntelGrfxVen": "r:DchuIntelGrfxVen2",
    "r:DchuIntelGrfxVen2": "r:DchuIntelGrfxDeletePending",
    "r:DchuNvidiaGrfxVen": "r:DchuNvidiaGrfxVen2",
    "r:DchuNvidiaGrfxVen2": "r:DchuNvidiaGrfxDeletePending",
    "DL_OSVersion": "OSVersion",
    "r:DriverPartnerRing": "r:OSDataDriverPartnerRing",
    "r:EdgeStableOPV_Native": "r:EdgeStablePV_Native",
    "r:EdgeStablePV_WOW6432": "r:EdgeStableOPV_Native",
    "r:EdgeStableVersion": "r:EdgeStablePV_WOW6432",
    "r:EdgeWithChromiumInstallFailureCount": "r:EdgeWithChromiumInstallFailureCountWow",
    "r:EdgeWithChromiumInstallVersion": "r:EdgeWithChromiumInstallVersionWow",
    "u:EnableWUfBUpgradeGates": "r:EnableWUfBUpgradeGatesRS5",
    "r:ESETInstalledKey": "r:ESETInstalledWowKey",
    "r:ESTSecurityInstalledKey": "r:ESTSecurityInstalledWowKey",
    "f:FlightingBranchName": "c:FlightingBranchName",
    "a:Free": "a:Free_RS3",
    "a:Free_RS3": "a:Free_RS4",
    "a:Free_RS4": "a:Free_RS5",
    "r:FSecureInstalledKey": "r:FSecureInstalledWowKey",
    "a:GatedFeature_NI22H2": "r:Migrated_GatedFeature_NI22H2Setup",
    "a:GStatus_CO21H2": "r:GStatus_CO21H2RegFb",
    "HoloLens": "r:WindowsMixedReality",
    "r:IsEdgeWithChromiumInstalled": "r:IsEdgeWithChromiumInstalledWow",
    "a:ISVM": "a:ISVM_RS3",
    "a:ISVM_RS3": "a:ISVM_RS4",
    "a:ISVM_RS4": "a:ISVM_RS5",
    "r:K7InstalledKey": "r:K7InstalledWowKey",
    "r:KasperskyInstalledKey": "r:KasperskyInstalledWowKey",
    "r:KingsoftInstalledKey": "r:KingsoftInstalledWowKey",
    "r:LenovoInstalledKey": "r:LenovoInstalledWowKey",
    "r:MalwarebytesInstalledKey": "r:MalwarebytesInstalledWowKey",
    "r:McAfeeInstalledKey": "r:McAfeeInstalledWowKey",
    "r:Migrated_GatedFeature_NI22H2Setup": "r:Migrated_GatedFeature_NI22H2",
    "c:OEMModelBaseBoard": "r:OEMModelBaseBoard",
    "r:PandaInstalledKey": "r:PandaInstalledWowKey",
    "r:PandaInstalledWowKey": "v:PandaInstalledVer",
    "r:PonchAllow": "r:PonchAllowKey",
    "r:PonchAllowKey": "r:PonchAllowWow",
    "r:PonchAllowWow": "r:PonchAllowWowKey",
    "r:QUDeadline": "r:QUDeadlineMDM",
    "r:QuickhealInstalledKey1": "r:QuickhealInstalledKey2",
    "r:SophosInstalledKey1": "r:SophosInstalledKey2",
    "r:SymantecInstalledKey": "r:SymantecInstalledWowKey",
    "v:SymantecVer": "v:SymantecVer64",
    "u:TargetReleaseVersion": "r:TargetReleaseVersionGP",
    "r:TargetReleaseVersionGP": "r:TargetReleaseVersionMDM",
    "r:TencentInstalledKey": "r:TencentInstalledWowKey",
    "r:ThreatTrackInstalledKey": "r:ThreatTrackInstalledWowKey",
    "a:TimestampEpochString_CO21H2": "r:TimestampEpochString_CO21H2RegFb",
    "v:TobiiVer": "v:TobiiVerx86",
    "v:TobiiVerx86": "v:TobiiVer1x86",
    "r:TrendInstalledKey": "r:TrendInstalledWowKey",
    "r:TrendInstalledWowKey": "v:TrendInstalledVer",
    "a:UpgEx_CO21H2": "r:UpgEx_CO21H2RegFb",
    "r:UpgradeAccepted": "r:Win11UpgradeAcceptedWUSeeker",
    "r:WebExperience": "r:WebExperienceWow",
    "r:WebrootInstalledKey": "r:WebrootInstalledWowKey"
  },
  "Transform": {
    "AccountFirstChar": {
      "SubLength": 1
    },
    "CX_FlightIds": {
      "Regex": "CX:[^,]*",
      "RegexDelimiter": ","
    },
    "FlightingOptOutState": {
      "Ignore": [
        "0"
      ]
    },
    "FX_FlightIds": {
      "Regex": "FX:[^,]*",
      "RegexDelimiter": ","
    },
    "IppPrinterBadDefaultPdc": {
      "Contains": "V4_No_ChangeID_Present"
    },
    "aipc": {
      "Ignore": [
        "0"
      ]
    },
    "IsDomainJoined": {
      "Ignore": [
        "0"
      ]
    },
    "IsHybridOrXGpu": {
      "Ignore": [
        "0"
      ]
    },
    "IsMsftOwned": {
      "Ignore": [
        "0"
      ]
    },
    "IsPortableOperatingSystem": {
      "Ignore": [
        "0"
      ]
    },
    "IsRemoteDesktopSessionHost": {
      "Contains": "ServerRdsh"
    },
    "IsTestLab": {
      "Ignore": [
        "0"
      ]
    },
    "IsVM": {
      "Ignore": [
        "0"
      ]
    },
    "IX_FlightIds": {
      "Regex": "IX:[^,]*",
      "RegexDelimiter": ","
    },
    "MX_FlightIds": {
      "Regex": "ME:[^,]*|MD:[^,]*",
      "RegexDelimiter": ","
    },
    "OEMModel": {
      "SubLength": 100
    },
    "OEMName_Uncleaned": {
      "SubLength": 100
    },
    "PausedFeatureStatus": {
      "Ignore": [
        "0"
      ]
    },
    "PausedQualityStatus": {
      "Ignore": [
        "0"
      ]
    },
    "PSAKyoceraInstalledName": {
      "Contains": "A97ECD55.KYOCERAPrintCenter"
    },
    "PSATATriumphInstalledName": {
      "Contains": "TATriumph-AdlerGmbH.TAUTAXPrintCenter"
    },
    "SMode": {
      "Ignore": [
        "0"
      ]
    },
    "StayOnWindows10Timestamp": {
      "SubLength": -3,
      "Ignore": [
        ""
      ]
    },
    "XeroxPsaInstalledName": {
      "Contains": "XeroxCorp.PrintExperience"
    }
  },
  "Registry": {
    "AADBrokerPluginNotRegistered": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsMitigationData\\AADBrokerPluginNotRegistered",
      "IfExists": true
    },
    "AADTenantId": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\CCM",
      "ValueName": "AadTenantId"
    },
    "ActiveHoursEnd": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "ActiveHoursEnd",
      "RegValueType": "REG_DWORD"
    },
    "ActiveHoursStart": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "ActiveHoursStart",
      "RegValueType": "REG_DWORD"
    },
    "AdminOptedIntoRebootlessUpdates_Server": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\Hotpatch\\Environment",
      "ValueName": "AllowRebootlessUpdates",
      "RegValueType": "REG_DWORD"
    },
    "AgileBits1PasswordPluginAuthenticator": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Classes\\PackagedCom\\ClassIndex\\{3C37BDFA-BB51-4FBF-9FCE-082C9DB98DE4}",
      "IfExists": true
    },
    "AhnlabInstalledKey": {
      "FullPath": "SOFTWARE\\Ahnlab",
      "IfExists": true
    },
    "AhnlabInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Ahnlab",
      "IfExists": true
    },
    "AhnLabKeyboard": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt",
      "ValueName": "NbTpMsExist"
    },
    "AllowInPlaceUpgrade": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion",
      "ValueName": "AllowInPlaceUpgrade",
      "RegValueType": "REG_DWORD"
    },
    "AllowUpgradesWithUnsupportedTPMOrCPU": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\MoSetup",
      "ValueName": "AllowUpgradesWithUnsupportedTPMOrCPU",
      "RegValueType": "REG_DWORD"
    },
    "AndroidUserOptinValue": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mobility\\",
      "ValueName": "OptedIn",
      "RegValueType": "REG_DWORD"
    },
    "AppChannels": {
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
      "ValueName": "ChannelId",
      "EncodingType": "Json"
    },
    "AppRMIDs": {
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
      "ValueName": "ReleaseManagementId",
      "EncodingType": "Json"
    },
    "ARCHotpatchAttached_State": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Azure Connected Machine Agent\\Windows\\Licenses\\Features\\Hotpatch",
      "ValueName": "Subscription",
      "RegValueType": "REG_DWORD"
    },
    "AutopilotUpdateInProgress": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate",
      "ValueName": "AutopilotUpdateInProgress",
      "RegValueType": "REG_DWORD"
    },
    "AvastBlackScreen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
      "ValueName": "Win10-1803"
    },
    "AvastInstalledKey": {
      "FullPath": "SOFTWARE\\Avast Software\\Avast",
      "IfExists": true
    },
    "AvastInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Avast Software\\Avast",
      "IfExists": true
    },
    "AvastReg": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
      "ValueName": "QualityCompat"
    },
    "AvgBlackScreen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
      "ValueName": "Win10-1803"
    },
    "AVGInstalledKey": {
      "FullPath": "SOFTWARE\\AVG\\Antivirus",
      "IfExists": true
    },
    "AVGInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\AVG\\Antivirus",
      "IfExists": true
    },
    "AvgReg": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
      "ValueName": "QualityCompat"
    },
    "AviraInstalledKey": {
      "FullPath": "SOFTWARE\\X-AVCSD\\Workstation\\Antivirus",
      "IfExists": true
    },
    "AviraInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus",
      "IfExists": true
    },
    "BaseBoardManufacturer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
      "ValueName": "BaseBoardManufacturer"
    },
    "BitDefenderInstalledKey": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}",
      "IfExists": true
    },
    "BlockEdgeWithChromiumUpdate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "DoNotUpdateToEdgeWithChromium",
      "RegValueType": "REG_DWORD"
    },
    "BlockFeatureUpdates": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade",
      "ValueName": "BlockFeatureUpdates",
      "RegValueType": "REG_DWORD"
    },
    "BlockWUUpgrades": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile",
      "ValueName": "BlockWUUpgrades",
      "RegValueType": "REG_DWORD"
    },
    "BlockWUUpgradesWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile",
      "ValueName": "BlockWUUpgrades",
      "RegValueType": "REG_DWORD"
    },
    "BroadcomInstalledKey": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Symantec\\Symantec Endpoint Protection",
      "IfExists": true
    },
    "BuildFID": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BuildFID_WCOS": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BuildFID_WCOS2": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BullguardInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard",
      "IfExists": true
    },
    "BypassNRO": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE",
      "ValueName": "BypassNRO",
      "RegValueType": "REG_DWORD"
    },
    "ChargeCapacityRatio": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\HealthSignals",
      "ValueName": "ChargeCapacityRatio",
      "RegValueType": "REG_DWORD"
    },
    "ChinaTypeApproval_CTA": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeviceAccess",
      "ValueName": "ActivePolicyCode",
      "RegValueType": "REG_SZ"
    },
    "CHPE_Disabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management",
      "ValueName": "HotPatchRestrictions",
      "RegValueType": "REG_DWORD"
    },
    "CIOptin": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "IsContinuousInnovationOptedIn",
      "RegValueType": "REG_DWORD"
    },
    "ClientHash2": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\SLS",
      "ValueName": "ClientHash2",
      "RegValueType": "REG_DWORD"
    },
    "CloudFilesFilter": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\CldFlt\\Instances\\",
      "ValueName": "DefaultInstance",
      "RegValueType": "REG_SZ"
    },
    "CurrentBranch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "BuildBranch",
      "RegValueType": "REG_SZ"
    },
    "DataExpDateEpoch_CO21H2RegFb": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
      "ValueName": "DataExpDateEpoch",
      "RegValueType": "REG_SZ"
    },
    "DaysSince19H1FUOffer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin",
      "ValueName": "DaysSinceLastOffer",
      "RegValueType": "REG_QWORD"
    },
    "DchuAmdGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "ValueName": "DriverDelete"
    },
    "DchuAmdGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "IfExists": true
    },
    "DchuAmdGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "ValueName": "DCHUVen"
    },
    "DchuAmdGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DchuIntelGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "ValueName": "DriverDelete"
    },
    "DchuIntelGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "IfExists": true
    },
    "DchuIntelGrfxNExists": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfxn",
      "IfExists": true
    },
    "DchuIntelGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "ValueName": "DCHUVen"
    },
    "DchuIntelGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DchuNvidiaGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "ValueName": "DriverDelete"
    },
    "DchuNvidiaGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "IfExists": true
    },
    "DchuNvidiaGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "ValueName": "DCHUVen"
    },
    "DchuNvidiaGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DchuNvidiaGrfxVenTest": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "ValueName": "DCHUVenTest",
      "RegValueType": "REG_DWORD"
    },
    "DefaultUserRegion": {
      "HKey": "HKEY_USERS",
      "FullPath": ".DEFAULT\\Control Panel\\International\\Geo",
      "ValueName": "Nation",
      "RegValueType": "REG_SZ"
    },
    "DeviceInfoGatherSuccessful": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing",
      "ValueName": "DeviceInfoGatherSuccessful",
      "RegValueType": "REG_DWORD"
    },
    "DisableWUfBOfferBlock": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "DisableWUfBOfferBlock",
      "RegValueType": "REG_DWORD"
    },
    "DisconnectedStandby": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\Power",
      "ValueName": "EnforceDisconnectedStandby",
      "RegValueType": "REG_DWORD"
    },
    "DotNetMissingComponentsTroubleshooterSuccess": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\.NETFramework",
      "ValueName": "DotNetMissingComponentsTroubleshooterSuccess",
      "RegValueType": "REG_DWORD"
    },
    "DriverPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "DSS_Enrolled_DF": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\WindowsUpdate",
      "ValueName": "WUfBDF",
      "RegValueType": "REG_DWORD"
    },
    "DSS_Enrolled_State": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WufbDS",
      "ValueName": "enrollmenttype",
      "RegValueType": "REG_SZ"
    },
    "DUInternal": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\MoSetup",
      "ValueName": "DynamicUpdateInternalTest",
      "RegValueType": "REG_DWORD"
    },
    "DurableDeviceRegionGeo": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Control Panel\\DeviceRegion",
      "ValueName": "DeviceRegion",
      "RegValueType": "REG_DWORD"
    },
    "EdgeStableOPV_Native": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "ValueName": "opv",
      "RegValueType": "REG_SZ"
    },
    "EdgeStablePV_Native": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "ValueName": "pv",
      "RegValueType": "REG_SZ"
    },
    "EdgeStablePV_WOW6432": {
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "ValueName": "pv",
      "RegValueType": "REG_SZ"
    },
    "EdgeStableVersion": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "ValueName": "opv",
      "RegValueType": "REG_SZ"
    },
    "EdgeWithChromiumInstallFailureCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateAttempts"
    },
    "EdgeWithChromiumInstallFailureCountWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateAttempts"
    },
    "EdgeWithChromiumInstallVersion": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateVersion"
    },
    "EdgeWithChromiumInstallVersionWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateVersion"
    },
    "EKB19H2InstallCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
      "ValueName": "Count"
    },
    "EKB19H2InstallTimeEpoch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
      "ValueName": "Timestamp"
    },
    "EKB19H2UnInstallCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
      "ValueName": "Count"
    },
    "EKB19H2UnInstallTimeEpoch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
      "ValueName": "Timestamp"
    },
    "EnableCloudManagedIDS": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\IDS",
      "ValueName": "EnableCloudManagedIDS"
    },
    "EnableWUfBUpgradeGatesRS5": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0",
      "ValueName": "DataRequireGatedScanForFeatureUpdates",
      "RegValueType": "REG_DWORD"
    },
    "ESETInstalledKey": {
      "FullPath": "SOFTWARE\\ESET\\ESET Security",
      "IfExists": true
    },
    "ESETInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\ESET\\ESET Security",
      "IfExists": true
    },
    "EsetReg": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters",
      "ValueName": "WindowsCompatibilityLevel",
      "RegValueType": "REG_DWORD"
    },
    "ESTSecurityInstalledKey": {
      "FullPath": "SOFTWARE\\ESTsoft",
      "IfExists": true
    },
    "ESTSecurityInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\ESTsoft",
      "IfExists": true
    },
    "ExpPkgs": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
      "ValueName": "ExpPkgs",
      "RegValueType": "REG_SZ"
    },
    "ExpStates": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\FIDs",
      "ValueName": "PreviewConfigs",
      "RegValueType": "REG_SZ"
    },
    "FeatureUpdateDeadline": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\",
      "ValueName": "ConfigureDeadlineForFeatureUpdates",
      "RegValueType": "REG_DWORD"
    },
    "FIDTSRan": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build\\TS_Crash_56093636_Logs",
      "ValueName": "LastHr"
    },
    "FlightContent": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
      "ValueName": "ContentType",
      "RegValueType": "REG_SZ"
    },
    "FlightingOptOutState": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\UI\\Selection",
      "ValueName": "OptOutState",
      "RegValueType": "REG_DWORD"
    },
    "FODRetryPending": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing",
      "ValueName": "FODRetry",
      "RegValueType": "REG_DWORD"
    },
    "FSecureInstalledKey": {
      "FullPath": "SOFTWARE\\F-Secure\\OneClient",
      "IfExists": true
    },
    "FSecureInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\F-Secure\\OneClient",
      "IfExists": true
    },
    "FSRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
      "ValueName": "FSRing",
      "RegValueType": "REG_SZ"
    },
    "GamingServicesInstalledKey": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\GamingServices",
      "IfExists": true
    },
    "GridZoneName": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\COAWOS",
      "ValueName": "GridZoneName",
      "RegValueType": "REG_SZ",
      "PersistedSourceId": "COAWOSRoot"
    },
    "GStatus_CO21H2RegFb": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
      "ValueName": "GStatus",
      "RegValueType": "REG_SZ"
    },
    "GStatusBlockIDs_All": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX",
      "ValueName": "SdbEntries",
      "RegValueType": "REG_SZ"
    },
    "HidOverGattReg": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll",
      "ValueName": "Source",
      "RegValueType": "REG_SZ"
    },
    "HotPatchEKBInstalled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64",
      "IfExists": true
    },
    "HotpatchError": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\Hotpatch\\Environment",
      "ValueName": "HotpatchError",
      "RegValueType": "REG_DWORD"
    },
    "IIS_ASPNET": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-ASPNET",
      "ValueName": "Selection",
      "RegValueType": "REG_DWORD"
    },
    "IIS_NetFxExtensibility": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-NetFxExtensibility",
      "ValueName": "Selection",
      "RegValueType": "REG_DWORD"
    },
    "InstallDate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "InstallDate",
      "RegValueType": "REG_DWORD"
    },
    "IntelPlatformId": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
      "ValueName": "Platform Specific Field 1",
      "RegValueType": "REG_DWORD"
    },
    "IppPrinterBadDefaultPdc": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\*\\PrinterDriverData",
      "ValueName": "V4_PDC_ChangeID",
      "RegValueType": "REG_SZ",
      "EncodingType": "Json"
    },
    "IsAutopilotRegistered": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache",
      "ValueName": "ProfileAvailable",
      "RegValueType": "REG_DWORD"
    },
    "IsFlightingEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
      "ValueName": "IsBuildFlightingEnabled",
      "RegValueType": "REG_DWORD"
    },
    "IsCHCapableBuild": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "CLSID\\{2C57C51B-FD43-4E74-B077-551AE6228AD6}",
      "IfExists": true
    },
    "IsCldFltSyncRoots": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*",
      "IfExists": true
    },
    "IsConfigMgrEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\ClientState",
      "ValueName": "ConfigMgrEnabled",
      "RegValueType": "REG_DWORD"
    },
    "IsContainerMgrInstalled": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService",
      "IfExists": true
    },
    "IsEdgeWithChromiumInstalled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "IsEdgeWithChromiumInstalledWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "IsFeedbackHubSelfhost": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\Partners\\IsFeedbackHubSelfhost",
      "IfExists": true
    },
    "IsFSOverlay": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\GlobMerger",
      "ValueName": "IsEnabled",
      "RegValueType": "REG_DWORD"
    },
    "IsHybridOrXGpu": {
      "FullPath": "SOFTWARE\\Microsoft\\DirectX",
      "ValueName": "HybridDeviceApplicableForDxDbGpuPreferences"
    },
    "IsProcessorMode": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\RegionalSettings",
      "ValueName": "IsProcessorMode",
      "RegValueType": "REG_QWORD"
    },
    "IsRemoteDesktopSessionHost": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "EditionID",
      "RegValueType": "REG_SZ"
    },
    "IsSpotlightEnabledInOEMTheme": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes",
      "ValueName": "WindowsSpotlight",
      "RegValueType": "REG_DWORD"
    },
    "IsSpotlightThemeEnabledByOEM": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DesktopOptimization",
      "ValueName": "WindowsSpotlightTheme",
      "RegValueType": "REG_DWORD"
    },
    "IsVbsEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\ControlSet001\\Control\\DeviceGuard",
      "ValueName": "EnableVirtualizationBasedSecurity",
      "RegValueType": "REG_DWORD"
    },
    "IsWDAGEnabled": {
      "FullPath": "SYSTEM\\ControlSet001\\Services\\hvsics",
      "IfExists": true
    },
    "IsWDATPEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status",
      "ValueName": "OnboardingState"
    },
    "K7InstalledKey": {
      "FullPath": "SOFTWARE\\K7 Computing",
      "IfExists": true
    },
    "K7InstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\K7 Computing",
      "IfExists": true
    },
    "KasperskyInstalledKey": {
      "FullPath": "SOFTWARE\\KasperskyLab",
      "IfExists": true
    },
    "KasperskyInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\KasperskyLab",
      "IfExists": true
    },
    "KasperskyReg": {
      "FullPath": "System\\CurrentControlSet\\Services\\klhk\\Parameters",
      "ValueName": "UseVtHardware"
    },
    "KingsoftInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
      "IfExists": true
    },
    "KingsoftInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
      "IfExists": true
    },
    "KioskMode": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount",
      "ValueName": "ConfigSource",
      "RegValueType": "REG_DWORD"
    },
    "KnownFoldersBackupStatus": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StorageProviderStatus",
      "ValueName": "OneDrive",
      "RegValueType": "REG_SZ"
    },
    "LaunchOobeInEndUserSession": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\OOBE",
      "ValueName": "ContinueOobeInEnduserSession"
    },
    "LaunchUserOOBE": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\OOBE",
      "ValueName": "LaunchUserOOBE",
      "RegValueType": "REG_DWORD"
    },
    "LCUVer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "LCUVer"
    },
    "LenovoInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
      "IfExists": true
    },
    "LenovoInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
      "IfExists": true
    },
    "MalwarebytesInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
      "IfExists": true
    },
    "MalwarebytesInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
      "IfExists": true
    },
    "McAfeeInstalledKey": {
      "FullPath": "SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
      "IfExists": true
    },
    "McAfeeInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
      "IfExists": true
    },
    "MDE4WSLPluginReleaseRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Microsoft Defender for Endpoint plug-in for WSL",
      "ValueName": "ReleaseRing",
      "RegValueType": "REG_SZ"
    },
    "MDEWSLPluginReleaseRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Lxss\\Plugins\\DefenderPlug-in",
      "ValueName": "ReleaseRing",
      "RegValueType": "REG_SZ"
    },
    "Migrated_GatedFeature_NI22H2": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2",
      "ValueName": "GatedFeatureSingleString",
      "RegValueType": "REG_SZ"
    },
    "Migrated_GatedFeature_NI22H2Setup": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2Setup",
      "ValueName": "GatedFeatureSingleString",
      "RegValueType": "REG_SZ"
    },
    "MSRT_NO_AU": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\MRT",
      "ValueName": "DontOfferThroughWUAU",
      "RegValueType": "REG_DWORD"
    },
    "MTPTargetingInfo": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Platform\\MTPTargetingInfo",
      "ValueName": "TargetRing"
    },
    "NonSecurityUpdate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "NonSecurityRelease",
      "RegValueType": "REG_DWORD"
    },
    "NPU_DeviceId": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\Class\\{f01a9d53-3ff6-48d2-9f97-c8a7004be10c}\\0000",
      "ValueName": "MatchingDeviceId",
      "RegValueType": "REG_SZ"
    },
    "NPUEnabledDevice": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows Media Foundation\\FrameServer\\WindowsCameraEffects",
      "ValueName": "EffectsCameraAvailable",
      "RegValueType": "REG_DWORD"
    },
    "OEMMode": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Office\\16.0\\Common\\OEM",
      "ValueName": "OOBEMode",
      "RegValueType": "REG_SZ"
    },
    "OEMModelBaseBoard": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
      "ValueName": "BaseBoardProduct",
      "RegValueType": "REG_SZ"
    },
    "OemPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Platform\\DeviceTargetingInfo",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "OEMSubModel": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
      "ValueName": "SystemSKU",
      "RegValueType": "REG_SZ"
    },
    "OobeNdupAcceptedTarget": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\NDUP\\Updates",
      "ValueName": "Target",
      "RegValueType": "REG_SZ"
    },
    "OobeNdupFU22621CommitChoice": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22621",
      "ValueName": "CommitChoice",
      "RegValueType": "REG_DWORD"
    },
    "OobeNdupFUTarget": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22631",
      "ValueName": "Target",
      "RegValueType": "REG_SZ"
    },
    "OobeSeeker": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates",
      "ValueName": "OOBEUpdateStarted"
    },
    "OSDataDriverPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "OSRollbackBuild": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "BuildString",
      "RegValueType": "REG_SZ"
    },
    "OSRollbackCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "Count",
      "RegValueType": "REG_DWORD"
    },
    "OSRollbackDate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "DateStamp",
      "RegValueType": "REG_DWORD"
    },
    "PandaInstalledKey": {
      "FullPath": "SOFTWARE\\Panda Software\\Setup",
      "IfExists": true
    },
    "PandaInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Panda Software\\Setup",
      "IfExists": true
    },
    "PausedFeatureStatus": {
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "PausedFeatureStatus"
    },
    "PausedQualityStatus": {
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "PausedQualityStatus"
    },
    "PlayFabPartyRelay": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PlayFabPartyRelay",
      "IfExists": true
    },
    "PonchAllow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
      "ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc",
      "RegValueType": "REG_DWORD"
    },
    "PonchAllowKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
      "IfExists": true
    },
    "PonchAllowWow": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
      "ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc"
    },
    "PonchAllowWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
      "IfExists": true
    },
    "PonchBlock": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
      "ValueName": "65d75b03-6f4d-46e9-b870-517731e06cf9",
      "RegValueType": "REG_DWORD"
    },
    "PreviewBuildsManagerEnabled": {
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager",
      "ValueName": "ArePreviewBuildsAllowed"
    },
    "ProductType": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\ProductOptions",
      "ValueName": "ProductType"
    },
    "PSAKyoceraMissingDEH": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg",
      "IfExists": true
    },
    "PSATATriumphMissingDEH": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y",
      "IfExists": true
    },
    "PSAXeroxMissingDEH": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8",
      "IfExists": true
    },
    "QihooInstalledKey": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity",
      "IfExists": true
    },
    "QUDeadline": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "ConfigureDeadlineForQualityUpdates",
      "RegValueType": "REG_DWORD"
    },
    "QUDeadlineMDM": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
      "ValueName": "ConfigureDeadlineForQualityUpdates",
      "RegValueType": "REG_DWORD"
    },
    "QuickhealInstalledKey1": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Servicescatflt",
      "IfExists": true
    },
    "QuickhealInstalledKey2": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scanner.exe",
      "IfExists": true
    },
    "RecoveredFromBuild": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
      "ValueName": "LastBuild",
      "RegValueType": "REG_DWORD"
    },
    "RecoveredOnDate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
      "ValueName": "DateStamp",
      "RegValueType": "REG_DWORD"
    },
    "ReleaseType": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo",
      "ValueName": "ReleaseType",
      "RegValueType": "REG_SZ"
    },
    "RobloxPlayer": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "roblox-player",
      "RegValueType": "REG_SZ",
      "IfExists": true
    },
    "RobloxStudio": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "roblox-studio",
      "RegValueType": "REG_SZ",
      "IfExists": true
    },
    "SetupDisplayedEulaVersion": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\",
      "ValueName": "SetupDisplayedEulaVersion",
      "RegValueType": "REG_DWORD"
    },
    "SH_SIPolicyCleanup": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PPI\\Settings",
      "ValueName": "SIPolicyCleanup",
      "RegValueType": "REG_DWORD"
    },
    "SmartActiveHoursState": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "SmartActiveHoursState",
      "RegValueType": "REG_DWORD"
    },
    "SophosInstalledKey1": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\SAVService",
      "IfExists": true
    },
    "SophosInstalledKey2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\hmpalertsvc",
      "IfExists": true
    },
    "StayOnWindows10Timestamp": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "SvOfferDeclined",
      "RegValueType": "REG_QWORD"
    },
    "Steam": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Classes\\Steam",
      "ValueName": "",
      "RegValueType": "REG_SZ"
    },
    "StrictHiveSecurityReg": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\*",
      "ValueName": "StrictHiveSecuritySet"
    },
    "SymantecInstalledKey": {
      "FullPath": "SOFTWARE\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
      "IfExists": true
    },
    "SymantecInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
      "IfExists": true
    },
    "SystemGuard_Enabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\DeviceGuard\\Scenarios\\SystemGuard",
      "ValueName": "Enabled",
      "RegValueType": "REG_DWORD"
    },
    "SystemManufacturer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\SystemInformation",
      "ValueName": "SystemManufacturer",
      "RegValueType": "REG_SZ"
    },
    "SystemProductName": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\SystemInformation",
      "ValueName": "SystemProductName",
      "RegValueType": "REG_SZ"
    },
    "TargetReleaseVersionGP": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "TargetReleaseVersionInfo",
      "RegValueType": "REG_SZ"
    },
    "TargetReleaseVersionMDM": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
      "ValueName": "TargetReleaseVersion",
      "RegValueType": "REG_SZ"
    },
    "TenantId": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\CloudDomainJoin\\JoinInfo\\*",
      "ValueName": "TenantId"
    },
    "TencentInstalledKey": {
      "FullPath": "SOFTWARE\\Tencent\\QQPCMgr",
      "IfExists": true
    },
    "TencentInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Tencent\\QQPCMgr",
      "IfExists": true
    },
    "TencentReg": {
      "FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
      "ValueName": "LoadStartTime"
    },
    "TencentType": {
      "FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
      "ValueName": "Type"
    },
    "TestAllowedIDFlags": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\TestHooks",
      "ValueName": "TestAllowedIDFlags",
      "RegValueType": "REG_DWORD"
    },
    "TestRN": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent\\ClientState\\FCON",
      "ValueName": "TestRing"
    },
    "ThreatTrackInstalledKey": {
      "FullPath": "SOFTWARE\\SBAMSvc",
      "IfExists": true
    },
    "ThreatTrackInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\SBAMSvc",
      "IfExists": true
    },
    "TimestampEpochString_CO21H2RegFb": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
      "ValueName": "TimestampEpochString",
      "RegValueType": "REG_SZ"
    },
    "TrendInstalledKey": {
      "FullPath": "SOFTWARE\\TrendMicro",
      "IfExists": true
    },
    "TrendInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\TrendMicro",
      "IfExists": true
    },
    "UHSEnrolled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "UHSEnrolled",
      "RegValueType": "REG_SZ",
      "IfExists": true
    },
    "UninstallActive": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "System\\Setup",
      "ValueName": "UninstallActive",
      "RegValueType": "REG_DWORD"
    },
    "UpdateOfferedDays": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WaaSAssessment\\Cache\\",
      "ValueName": "UpToDateDays",
      "RegValueType": "REG_DWORD"
    },
    "UpdatePreference": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "UpdatePreference",
      "RegValueType": "REG_DWORD"
    },
    "UpgEx_CO21H2RegFb": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
      "ValueName": "UpgEx",
      "RegValueType": "REG_SZ"
    },
    "UpgradeAccepted": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates\\",
      "ValueName": "UpgradeAccepted",
      "RegValueType": "REG_DWORD",
      "IfExists": true
    },
    "UpgradeEligible": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion",
      "ValueName": "UpgradeEligible",
      "RegValueType": "REG_DWORD"
    },
    "UserInPlaceUpgrade": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion",
      "ValueName": "UserInPlaceUpgrade",
      "RegValueType": "REG_DWORD"
    },
    "UsoScanMitigation": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator\\Mitigation\\",
      "ValueName": "UsoScanNotStartingMitigationCompleted",
      "RegValueType": "REG_DWORD",
      "IfExists": true
    },
    "UtcDataHandlingPolicies": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack",
      "ValueName": "UtcDataHandlingPolicies",
      "RegValueType": "REG_QWORD"
    },
    "UUSVersion": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator",
      "ValueName": "LastRunVersion",
      "RegValueType": "REG_SZ"
    },
    "WAS_NetFxEnvironment": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\WAS-NetFxEnvironment",
      "ValueName": "Selection",
      "RegValueType": "REG_DWORD"
    },
    "WCFHTTPActivationNotificationState": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-HTTP-Activation",
      "ValueName": "Selection",
      "RegValueType": "REG_DWORD"
    },
    "WCFNonHTTPActivationNotificationState": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-NonHTTP-Activation",
      "ValueName": "Selection",
      "RegValueType": "REG_DWORD"
    },
    "WebExperience": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "WebExperienceWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "WebrootInstalledKey": {
      "FullPath": "SOFTWARE\\WRData",
      "IfExists": true
    },
    "WebrootInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\WRData",
      "IfExists": true
    },
    "Win10ConsumerESUStatus": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SoftwareProtectionPlatform\\ESU",
      "ValueName": "Win10ConsumerESUStatus",
      "RegValueType": "REG_DWORD"
    },
    "Win11UpgradeAcceptedTimestamp": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "SvOfferAccepted",
      "RegValueType": "REG_QWORD"
    },
    "Win11UpgradeAcceptedWUSeeker": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "SvOfferAccepted",
      "RegValueType": "REG_QWORD",
      "IfExists": true
    },
    "WindowsAccountSyncConsentApplicable": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT",
      "ValueName": "isApplicable",
      "RegValueType": "REG_DWORD"
    },
    "WindowsAccountSyncConsentPromptAllowed": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT",
      "ValueName": "isSystemInitiatedPromptAllowed",
      "RegValueType": "REG_DWORD"
    },
    "WindowsAccountSyncConsentState": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT\\DATASHARING",
      "ValueName": "isConsentAccepted",
      "RegValueType": "REG_DWORD"
    },
    "WindowsMixedReality": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors",
      "ValueName": "WdfMajorVersion",
      "RegValueType": "REG_DWORD"
    },
    "WOSCEndpointsSupported": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent",
      "ValueName": "EndpointsSupported",
      "RegValueType": "REG_SZ"
    },
    "WSX_Runtime": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
      "ValueName": "ExperienceExtensions",
      "RegValueType": "REG_SZ"
    },
    "WSX_Windows_AccountControl": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
      "ValueName": "Windows.AccountControl",
      "RegValueType": "REG_SZ"
    },
    "WSX_Windows_AppSample": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
      "ValueName": "Windows.AppSample",
      "RegValueType": "REG_SZ"
    },
    "WSX_Windows_Settings_Account": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
      "ValueName": "Windows.Settings.Account",
      "RegValueType": "REG_SZ"
    },
    "WSX_Windows_Shell_Start": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
      "ValueName": "Windows.Shell.StartMenu",
      "RegValueType": "REG_SZ"
    }
  },
  "UpdatePolicy": {
    "AdminOptedIntoRebootlessUpdates": {
      "PolicyEnum": 59,
      "Enterprise": true
    },
    "AllowOptionalContent": {
      "PolicyEnum": 58,
      "Enterprise": true
    },
    "BranchReadinessLevel": {
      "PolicyEnum": 5,
      "Enterprise": true
    },
    "BranchReadinessLevelSource": {
      "PolicyEnum": 5,
      "Enterprise": true,
      "UseSource": true
    },
    "DeferFeatureUpdatePeriodInDays": {
      "PolicyEnum": 9,
      "Enterprise": true
    },
    "DeferQualityUpdatePeriodInDays": {
      "PolicyEnum": 7,
      "Enterprise": true
    },
    "DisableDualScan": {
      "PolicyEnum": 42,
      "Enterprise": true
    },
    "EnableWUfBUpgradeGates": {
      "PolicyEnum": 51,
      "Enterprise": true
    },
    "TargetProductVersion": {
      "PolicyEnum": 53,
      "Enterprise": true
    },
    "TargetReleaseVersion": {
      "PolicyEnum": 50,
      "Enterprise": true
    },
    "UpdateServiceUrl": {
      "PolicyEnum": 12
    },
    "WUfBClientManaged": {
      "PolicyEnum": 32,
      "Enterprise": true
    }
  },
  "FileInfo": {
    "AvastVer": {
      "Path": "\\system32\\Drivers\\aswVmm.sys",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "AvgVer": {
      "Path": "\\system32\\Drivers\\avgVmm.sys",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "BullguardInstalledVer": {
      "Path": "\\BullGuard Ltd\\BullGuard\\BullGuard.exe",
      "IfExists": true,
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "CortanaAppVer": {
      "Path": "\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe",
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "CortanaAppVerTest": {
      "Path": "\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe",
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "CrowdStrikeInstalledVer": {
      "Path": "drivers\\CrowdStrike\\CSAgent.sys",
      "IfExists": true,
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "DmdHpControlPackageEnUs": {
      "Path": "%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\en-US\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml",
      "IfExists": true
    },
    "DmdHpControlPackageMultiloc": {
      "Path": "%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\multiloc\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml",
      "IfExists": true
    },
    "DmdHpControlPackageTr": {
      "Path": "%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\tr\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml",
      "IfExists": true
    },
    "EsetVer": {
      "Path": "\\drivers\\ehdrv.sys",
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "FileExistsMscoreeDll": {
      "Path": "%windir%\\\\system32\\\\mscoree.dll",
      "IfExists": true
    },
    "GDataInstalledVer": {
      "Path": "\\drivers\\MiniIcpt.sys",
      "IfExists": true,
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "HidparseDriversVer": {
      "Path": "%windir%\\system32\\drivers\\hidparse.sys"
    },
    "HidparseSystem32Ver": {
      "Path": "%windir%\\system32"
    },
    "HidparseSystem32Ver1": {
      "Path": "%windir%\\system32\\hidparse.sys"
    },
    "IsNotepadExePresent": {
      "Path": "%windir%\\system32\\notepad.exe",
      "IfExists": true
    },
    "K7InstalledVer": {
      "Path": "\\K7 Computing",
      "IfExists": true,
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "KasperskyVer": {
      "Path": "\\system32\\Drivers\\klhk.sys",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "OnnxruntimeVer": {
      "Path": "%windir%\\\\system32\\\\onnxruntime.dll"
    },
    "PandaInstalledVer": {
      "Path": "\\Panda Security",
      "IfExists": true,
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "SkypeRoomSystem": {
      "Path": "%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml",
      "IfExists": true
    },
    "SymantecVer": {
      "Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl.sys",
      "FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
    },
    "SymantecVer64": {
      "Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys",
      "FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
    },
    "TobiiVer": {
      "Path": "\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "TobiiVer1x86": {
      "Path": "\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "TobiiVerx86": {
      "Path": "\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "TrendInstalledVer": {
      "Path": "\\Trend Micro\\Titanium\\plugin\\plugVizor.dll",
      "IfExists": true,
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "TrendMicroVer": {
      "Path": "\\drivers\\TMUMH.sys",
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "UCPDVer": {
      "Path": "\\drivers\\UCPD.sys",
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "WASDK_1_2_ARM": {
      "Path": "%programfiles%\\WindowsApps\\Microsoft.WindowsAppRuntime.1.6_6000.311.13.0_arm__8wekyb3d8bbwe\\WindowsAppRuntime.DeploymentExtensions.OneCore.dll",
      "IfExists": true
    },
    "WASDK_1_2_ARM64": {
      "Path": "%programfiles%\\WindowsApps\\Microsoft.WindowsAppRuntime.1.6_6000.311.13.0_arm64__8wekyb3d8bbwe\\WindowsAppRuntime.DeploymentExtensions.OneCore.dll",
      "IfExists": true
    },
    "WASDK_1_2_DLL": {
      "Path": "%programfiles%\\WindowsApps\\Microsoft.WindowsAppRuntime.1.6_6000.311.13.0_x64__8wekyb3d8bbwe\\WindowsAppRuntime.DeploymentExtensions.OneCore.dll",
      "IfExists": true
    },
    "WASDK_1_2_X86": {
      "Path": "%programfiles%\\WindowsApps\\Microsoft.WindowsAppRuntime.1.6_6000.311.13.0_x86__8wekyb3d8bbwe\\WindowsAppRuntime.DeploymentExtensions.OneCore.dll",
      "IfExists": true
    },
    "WuClientVer": {
      "Path": "\\system32\\wuaueng.dll",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "XamlCbsActivationStore": {
      "Path": "%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_x64__8wekyb3d8bbwe\\\\ActivationStore.dat",
      "IfExists": true
    },
    "XamlCbsActivationStoreArm64": {
      "Path": "%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_arm64__8wekyb3d8bbwe\\\\ActivationStore.dat",
      "IfExists": true
    }
  },
  "Licensing": {
    "UpdateManagementGroup": {
      "Name": "UpdatePolicy-UpdateManagementGroup"
    }
  },
  "Policy": {
    "DesiredOcpVersion": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OcpVersion/"
    },
    "DesiredOsVersion": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OsVersion"
    },
    "DesiredSystemManifestVersion": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/SystemManifestVersion"
    },
    "DucCustomPackageId": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"
    },
    "DucDeviceModelId": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"
    },
    "DucOemPartnerRing": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"
    },
    "DucPublisherId": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"
    },
    "SetPolicyDrivenUpdateSourceForFeatureUpdates": {
      "LocUri": "./Device/Vendor/MSFT/Policy/Config/Update/SetPolicyDrivenUpdateSourceForFeatureUpdates"
    },
    "WSUSconfigured_csp": {
      "LocUri": "./Device/Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl"
    }
  },
  "AppInfo": {
    "AIFabricCBSStableVer": {
      "Name": "Microsoft.WindowsAppRuntime.CBS.1.6"
    },
    "WidgetsAppVer": {
      "Name": "MicrosoftWindows.Client.WebExperience"
    }
  },
  "WMI": {
    "ElanFingerprintDriverVersion": {
      "Query": "SELECT DriverVersion, Manufacturer FROM Win32_PnPSignedDriver WHERE Manufacturer = 'ELAN'",
      "Name": "DriverVersion",
      "Timeout": 2000
    },
    "FirstStorageSpaceDeviceId": {
      "Query": "SELECT DeviceID FROM Win32_DiskDrive WHERE Model = 'Microsoft Storage Space Device'",
      "Name": "DeviceID",
      "Timeout": 2000
    },


Bernd Brot 27.05.2025 07:08

Part 2

Code:

    "IIS_ASPNET_WMI": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-ASPNET'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "IIS_NetFxExtensibility_WMI": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-NetFxExtensibility'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "NetFx3State": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'NetFX3'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "PSAKyoceraInstalledName": {
      "Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg'",
      "Name": "Name",
      "Timeout": 2000
    },
    "PSATATriumphInstalledName": {
      "Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y'",
      "Name": "Name",
      "Timeout": 2000
    },
    "WAS_NetFxEnvironment_WMI": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WAS-NetFxEnvironment'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "WCFHTTPActivationState": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-HTTP-Activation'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "WCFNonHTTPActivationState": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-NonHTTP-Activation'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "XeroxPsaInstalledName": {
      "Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8'",
      "Name": "Name",
      "Timeout": 2000
    }
  },
  "RegionPolicy": {
    "IsCampaignEdgePromotionEnabled": {
      "ForceEvaluate": false,
      "PolicyGUID": "{2BF706DE-6DBB-4692-B7EF-84D80C47E927}"
    },
    "IsCampaignSegmentTargetingEnabled": {
      "ForceEvaluate": false,
      "PolicyGUID": "{36996754-E327-483A-902F-523E2BA03239}"
    }
  }
}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributesVerified"="{
  "Version": 311,
  "SchemaVersion": 1,
  "PartA": [
    "App",
    "AppVer",
    "AttrDataVer"
  ],
  "Default": [
    "DeviceFamily",
    "f:FlightRing",
    "t:OSVersionFull"
  ],
  "PartB": {
    "ACSOVERRIDE": [
      "OSArchitecture",
      "c:IsAlwaysOnAlwaysConnectedCapable"
    ],
    "APPTARGETEDFEATUREDB": [
      "c:FlightingBranchName",
      "f:FlightRing",
      "t:OSVersionFull",
      "DeviceFamily"
    ],
    "CASSCLIENT": [
      "OSVersion",
      "c:OSEdition",
      "f:FlightRing",
      "c:OSUILocale",
      "f:FlightingBranchName",
      "r:OEMMode"
    ],
    "CDM": [
      "ChassisTypeId",
      "r:CurrentBranch",
      "DeviceFamily",
      "f:FlightingBranchName",
      "f:FlightRing",
      "c:InstallLanguage",
      "c:IsDomainJoined",
      "t:IsTestLab",
      "OEMModel",
      "OSArchitecture",
      "OSVersion",
      "t:OSSkuId",
      "c:ProcessorIdentifier",
      "c:TelemetryLevel",
      "t:IsMsftOwned",
      "t:WCOSProductId",
      "c:OSUILocale",
      "c:CommercialId",
      "c:ActivationChannel",
      "c:SCCMClientId",
      "c:IsCloudDomainJoined",
      "r:WebExperience",
      "FX_FlightIds",
      "AccountFirstChar",
      "r:WSX_Windows_Settings_Account",
      "r:InstallDate",
      "r:WSX_Runtime",
      "r:DefaultUserRegion",
      "a:GatedFeature_NI22H2",
      "r:WSX_Windows_Shell_Start",
      "a:GatedFeature_CU23H2",
      "r:ExpStates",
      "MX_FlightIds",
      "r:CIOptin",
      "c:ProcessorCores",
      "c:TotalPhysicalRAM",
      "r:TestRN",
      "u:UpdateServiceUrl",
      "u:WUfBClientManaged",
      "r:UUSVersion",
      "DL_OSVersion",
      "r:ExpPkgs",
      "u:AllowOptionalContent",
      "n:IsMicrosoftAAD",
      "q:WidgetsAppVer",
      "c:IsDeviceRetailDemo",
      "r:IsFSOverlay",
      "a:SdbVer_NI22H2",
      "r:EdgeStableVersion",
      "r:Migrated_GatedFeature_NI22H2Setup",
      "a:SdbVer_21H2",
      "a:GatedFeature_21H2",
      "CX_FlightIds",
      "r:UtcDataHandlingPolicies",
      "v:SkypeRoomSystem",
      "r:BypassNRO",
      "c:IsVirtualDevice",
      "s:IsA9CapablePC",
      "a:SdbVer_GE24H2",
      "r:AgileBits1PasswordPluginAuthenticator"
    ],
    "CDM_OS": [
      "+CDM",
      "c:FlightIds"
    ],
    "COMPATLOGGER": [
      "osVer",
      "ring",
      "deviceId"
    ],
    "CONTENT_DELIVERY_MANAGER": [
      "c:OSEdition",
      "t:OSSkuId",
      "c:OSUILocale",
      "a:UpgEx_CO21H2",
      "a:GStatus_CO21H2",
      "a:DataExpDateEpoch_CO21H2",
      "a:TimestampEpochString_CO21H2",
      "r:AndroidUserOptinValue",
      "f:FlightingBranchName",
      "f:FlightRing",
      "r:CurrentBranch",
      "procm",
      "r:NPUEnabledDevice",
      "MX_FlightIds",
      "r:KnownFoldersBackupStatus",
      "c:IsDomainJoined",
      "iepe",
      "iste",
      "drgng",
      "r:WindowsAccountSyncConsentState",
      "r:WindowsAccountSyncConsentApplicable",
      "r:WindowsAccountSyncConsentPromptAllowed",
      "aipc",
      "ram",
      "prccn",
      "prccs",
      "prcmf",
      "ccr",
      "devfm",
      "W10ESU"
    ],
    "CORTANA_GATEKEEPER": [
      "r:CurrentBranch",
      "f:FlightRing",
      "f:IsRetailOS"
    ],
    "CORTANAUWP": [
      "c:OSUILocale",
      "t:OSVersionFull",
      "v:CortanaAppVer",
      "r:TestAllowedIDFlags"
    ],
    "CORTANAUWPTEST": [
      "+CORTANAUWP",
      "v:CortanaAppVerTest"
    ],
    "CTAC": [
      "+FSS",
      "r:FIDTSRan"
    ],
    "DBUPDATE": [
      "c:FirmwareVersion",
      "c:OEMModelBaseBoard",
      "OSArchitecture",
      "c:FirmwareManufacturer",
      "c:OEMModelNumber",
      "r:BaseBoardManufacturer",
      "c:OEMModelSKU",
      "c:OEMManufacturerName",
      "c:OEMName",
      "c:OEMModelBaseBoardVersion",
      "c:OEMModelSystemFamily",
      "c:OEMModelSystemVersion",
      "c:FirmwareReleaseDate"
    ],
    "DDC": [
      "+WU_STORE",
      "+_WU_PTI"
    ],
    "DXDB": [
      "DeviceFamily",
      "f:FlightRing",
      "r:IsHybridOrXGpu",
      "t:OSVersionFull",
      "OSVersion"
    ],
    "EDGE_SERVICEUI": [
      "t:LocalDeviceID",
      "t:LocalUserID"
    ],
    "FCON": [
      "+CDM"
    ],
    "FSS": [
      "r:PreviewBuildsManagerEnabled",
      "f:BranchReadinessLevelRaw",
      "u:BranchReadinessLevelSource",
      "r:BuildFID",
      "t:DeviceFamily",
      "DeviceId",
      "c:EnablePreviewBuilds",
      "f:FlightingPolicyValue",
      "f:IsRetailOS",
      "f:ManagePreviewBuilds",
      "OSVersionFull",
      "t:WCOSProductId",
      "r:SmartActiveHoursState",
      "r:ActiveHoursStart",
      "r:ActiveHoursEnd",
      "r:IsCHCapableBuild",
      "r:FSRing",
      "s:MaxShellVersion",
      "s:MinShellVersion",
      "c:TPMVersion",
      "c:SecureBootCapable",
      "c:ProcessorClockSpeed",
      "c:ProcessorCores",
      "c:TotalPhysicalRAM",
      "t:SMode",
      "c:SystemVolumeTotalCapacity",
      "c:OEMManufacturerName",
      "c:OEMModelNumber",
      "a:ISVM",
      "r:AllowUpgradesWithUnsupportedTPMOrCPU",
      "r:IntelPlatformId",
      "r:IsConfigMgrEnabled",
      "f:IsFlightingEnabled",
      "r:DeviceInfoGatherSuccessful",
      "c:IsVirtualDevice",
      "r:OemPartnerRing",
      "c:FlightingBranchName",
      "a:UpgEx_CO21H2",
      "a:UpgEx_NI22H2",
      "a:UpgEx_GE24H2",
      "sku",
      "r:AADTenantId",
      "r:FIDTSRan"
    ],
    "FXIRISCLIENT": [
      "+IRISCLIENT"
    ],
    "GS": [
      "t:OSSkuId",
      "t:OSVersionFull",
      "r:CurrentBranch",
      "r:DefaultUserRegion",
      "DeviceFamily",
      "c:FlightIds",
      "f:FlightingBranchName",
      "f:FlightRing",
      "c:IsCloudDomainJoined",
      "t:IsMsftOwned",
      "f:IsRetailOS",
      "c:OSUILocale",
      "c:IsDomainJoined"
    ],
    "IDSPCA": [
      "f:FlightRing",
      "f:IsFlightingEnabled",
      "f:FlightingBranchName",
      "f:IsRetailOS",
      "c:OSEdition",
      "c:IsDomainJoined",
      "c:OSUILocale",
      "n:IsMicrosoftAAD",
      "r:CurrentBranch",
      "t:IsMsftOwned",
      "t:IsTestLab",
      "t:DeviceFamily",
      "t:LocalDeviceID",
      "t:OSSkuId",
      "t:OSVersionFull",
      "IsVM",
      "OEMModel",
      "OSVersion",
      "r:EnableCloudManagedIDS",
      "c:AADDeviceId"
    ],
    "IRISCLIENT": [
      "+IRISCLIENTBASE",
      "c:FlightIds"
    ],
    "IRISCLIENTBASE": [
      "DeviceFamily",
      "OSVersion",
      "t:OSSkuId",
      "OSArchitecture",
      "c:TelemetryLevel",
      "f:FlightRing",
      "f:FlightingBranchName",
      "OEMModel",
      "c:OSUILocale",
      "c:OSEdition",
      "r:CurrentBranch",
      "t:WCOSProductId",
      "c:InstallationType",
      "r:InstallDate",
      "c:IsDeviceRetailDemo",
      "f:IsRetailOS",
      "prccs",
      "prccn",
      "prcmf",
      "ram",
      "c:D3DMaxFeatureLevel",
      "c:IsAlwaysOnAlwaysConnectedCapable",
      "t:SMode",
      "t:LocalUserID",
      "r:AndroidUserOptinValue",
      "procm",
      "MX_FlightIds",
      "a:UpgEx_CO21H2",
      "r:KnownFoldersBackupStatus",
      "c:OEMModelSystemFamily",
      "OEMName_Uncleaned",
      "r:IsSpotlightEnabledInOEMTheme",
      "r:IsSpotlightThemeEnabledByOEM",
      "r:WindowsAccountSyncConsentApplicable",
      "r:WindowsAccountSyncConsentState",
      "r:WindowsAccountSyncConsentPromptAllowed",
      "iepe",
      "iste",
      "drgng",
      "aipc",
      "oemname",
      "smbiosdm",
      "ccr",
      "devfm",
      "W10ESU",
      "c:IsCloudDomainJoined"
    ],
    "IRISCLIENTV2": [
      "+IRISCLIENTBASE",
      "IX_FlightIds"
    ],
    "MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE": [
      "t:OSVersionFull",
      "t:IsTestLab",
      "f:FlightRing"
    ],
    "MITIGATION": [
      "t:DeviceFamily",
      "f:FlightRing",
      "c:IsDomainJoined",
      "t:IsMsftOwned",
      "f:IsRetailOS",
      "t:IsTestLab",
      "IsVM",
      "OEMModel",
      "c:OSEdition",
      "t:OSSkuId",
      "t:OSVersionFull",
      "c:OSUILocale",
      "t:SMode",
      "f:IsFlightingEnabled",
      "c:FirmwareVersion",
      "c:TelemetryLevel",
      "f:FlightingBranchName",
      "r:CurrentBranch",
      "OSVersion",
      "w:FirstStorageSpaceDeviceId",
      "r:IsCldFltSyncRoots",
      "c:OSInstallType",
      "v:IsNotepadExePresent",
      "r:StrictHiveSecurityReg",
      "a:GatedBlockId_21H1",
      "r:UpdateOfferedDays",
      "r:UsoScanMitigation",
      "r:GamingServicesInstalledKey",
      "v:FileExistsMscoreeDll",
      "w:NetFx3State",
      "r:WCFHTTPActivationNotificationState",
      "w:WCFHTTPActivationState",
      "r:WCFNonHTTPActivationNotificationState",
      "w:WCFNonHTTPActivationState",
      "r:DotNetMissingComponentsTroubleshooterSuccess",
      "r:IIS_ASPNET",
      "w:IIS_ASPNET_WMI",
      "r:IIS_NetFxExtensibility",
      "w:IIS_NetFxExtensibility_WMI",
      "r:WAS_NetFxEnvironment",
      "w:WAS_NetFxEnvironment_WMI",
      "v:XamlCbsActivationStore",
      "v:XamlCbsActivationStoreArm64",
      "v:OnnxruntimeVer",
      "w:ElanFingerprintDriverVersion",
      "r:AADBrokerPluginNotRegistered",
      "r:TenantId",
      "r:IppPrinterBadDefaultPdc",
      "r:FlightingOptOutState",
      "r:CloudFilesFilter",
      "r:PSAKyoceraMissingDEH",
      "r:PSATATriumphMissingDEH",
      "r:PSAXeroxMissingDEH",
      "w:PSAKyoceraInstalledName",
      "w:PSATATriumphInstalledName",
      "w:XeroxPsaInstalledName",
      "v:DmdHpControlPackageEnUs",
      "v:DmdHpControlPackageMultiloc",
      "v:DmdHpControlPackageTr",
      "v:WASDK_1_2_ARM",
      "v:WASDK_1_2_ARM64",
      "v:WASDK_1_2_DLL",
      "v:WASDK_1_2_X86",
      "r:FIDTSRan"
    ],
    "MLMOD": [
      "ChassisTypeId",
      "t:DeviceFamily",
      "f:FlightingBranchName",
      "f:FlightRing",
      "f:IsRetailOS",
      "t:OSSkuId",
      "t:OSVersionFull",
      "c:OSUILocale",
      "OSVersion",
      "c:TelemetryLevel",
      "r:CurrentBranch",
      "t:IsTestLab",
      "c:PrimaryDiskType",
      "FX_FlightIds"
    ],
    "MTP": [
      "+_WU_OS_CORE"
    ],
    "MUSE": [
      "+_WU_FB",
      "ChassisTypeId",
      "deviceClass",
      "deviceId",
      "c:FlightIds",
      "locale",
      "ms",
      "os",
      "osVer",
      "ring",
      "sampleId",
      "sku",
      "r:DaysSince19H1FUOffer",
      "u:DisableDualScan",
      "u:UpdateServiceUrl",
      "c:CommercialId",
      "f:FlightingBranchName",
      "c:SystemVolumeTotalCapacity",
      "c:IsAlwaysOnAlwaysConnectedCapable",
      "c:ProcessorCores",
      "c:PrimaryDiskType",
      "c:TotalPhysicalRAM",
      "c:ProcessorClockSpeed",
      "c:ProcessorIdentifier",
      "c:ProcessorModel",
      "c:ActivationChannel",
      "c:IsCloudDomainJoined",
      "c:isCommercial",
      "c:IsDomainJoined",
      "c:IsMDMEnrolled",
      "c:SCCMClientID",
      "r:OEMSubModel",
      "c:OEMModelNumber",
      "c:OEMManufacturerName",
      "r:OobeSeeker",
      "r:DefaultUserRegion",
      "c:DeviceForm"
    ],
    "NARRATORNNV": [
      "+WU_STORE"
    ],
    "NOISYHAMMER": [
      "+WU_OS"
    ],
    "OPENWITH": [
      "c:OSUILocale"
    ],
    "PHS": [
      "r:GridZoneName",
      "OEMModel",
      "c:OEMManufacturerName",
      "c:OSUILocale",
      "r:OEMSubModel",
      "DeviceFamily"
    ],
    "RULESENGINE": [
      "c:OSEdition",
      "t:OSSkuId",
      "c:OSUILocale",
      "a:UpgEx_CO21H2",
      "a:GStatus_CO21H2",
      "a:DataExpDateEpoch_CO21H2",
      "a:TimestampEpochString_CO21H2",
      "r:AndroidUserOptinValue",
      "f:FlightingBranchName",
      "f:FlightRing",
      "r:CurrentBranch",
      "c:ProcessorModel",
      "r:NPUEnabledDevice",
      "MX_FlightIds",
      "r:KnownFoldersBackupStatus",
      "c:IsDomainJoined",
      "r:WindowsAccountSyncConsentApplicable",
      "r:WindowsAccountSyncConsentState",
      "r:WindowsAccountSyncConsentPromptAllowed",
      "c:FlightIds",
      "c:isCommercial",
      "c:CommercialId",
      "c:SCCMClientID"
    ],
    "RUXIM": [
      "c:ActivationChannel",
      "f:FlightRing",
      "r:InstallDate",
      "f:IsFlightingEnabled",
      "a:ISVM",
      "OEMModel",
      "OSArchitecture",
      "t:OSSkuId",
      "c:SCCMClientID",
      "r:SetupDisplayedEulaVersion",
      "r:KioskMode",
      "r:OobeSeeker",
      "r:UninstallActive",
      "c:OEMManufacturerName",
      "r:OEMSubModel",
      "c:OSUILocale",
      "f:FlightingBranchName"
    ],
    "SEDIMENTPACK": [
      "+WU_OS"
    ],
    "SERVICEEXPERIENCES": [
      "f:FlightingBranchName",
      "f:FlightRing",
      "s:MaxShellVersion",
      "s:MinShellVersion",
      "t:IsTestLab",
      "c:TelemetryLevel",
      "t:OSSkuId",
      "r:CurrentBranch",
      "OSVersion",
      "DeviceFamily",
      "r:WSX_Windows_Settings_Account",
      "c:FlightIds",
      "r:WSX_Runtime",
      "r:WSX_Windows_Shell_Start",
      "r:WSX_Windows_AppSample",
      "r:WSX_Windows_AccountControl"
    ],
    "SERVICING_CBS": [
      "+WU",
      "osVer"
    ],
    "SETUP360": [
      "t:OSSkuId",
      "f:FlightRing"
    ],
    "SMARTOPTOUT": [
      "+CDM"
    ],
    "STORAGEGROVELER": [
      "a:Free",
      "c:TelemetryLevel",
      "f:FlightRing",
      "f:IsFlightingEnabled",
      "IsVM",
      "t:OSVersionFull"
    ],
    "UCPD": [
      "c:OSUILocale",
      "c:IsDomainJoined",
      "v:UCPDVer",
      "c:IsCloudDomainJoined",
      "t:OSSkuId",
      "c:isCommercial"
    ],
    "UNEXPECTEDCODEPATHLOGGING": [
      "+UTC_STATIC",
      "t:LocalDeviceID",
      "OSVersionFull",
      "OEMModel",
      "OEMName_Uncleaned"
    ],
    "UTC": [
      "+UTC_STATIC",
      "osVer",
      "locale",
      "ring",
      "f:PilotRing",
      "f:IsRetailOS",
      "ms",
      "expId",
      "t:SMode",
      "f:FlightingBranchName",
      "c:CommercialId",
      "r:IsFeedbackHubSelfhost",
      "c:AzureVMType",
      "t:IsTestLab",
      "c:TelemetryLevel",
      "c:IsVirtualDevice",
      "r:IsProcessorMode",
      "r:UtcDataHandlingPolicies",
      "s:IsA9CapablePC"
    ],
    "UTC_STATIC": [
      "os",
      "deviceId",
      "sampleId",
      "deviceClass",
      "sku",
      "OEMModel",
      "OEMName_Uncleaned",
      "c:PrimaryDiskType",
      "c:ProcessorModel",
      "c:TotalPhysicalRAM"
    ],
    "UUS": [
      "OSVersion",
      "f:FlightRing",
      "t:IsTestLab",
      "t:OSVersionFull",
      "f:FlightingBranchName",
      "r:CurrentBranch",
      "f:IsFlightingEnabled"
    ],
    "WAASASSESSMENT": [
      "+WU_OS"
    ],
    "WAASMEDIC": [
      "os",
      "osVer",
      "ring",
      "deviceClass",
      "deviceId",
      "locale",
      "sku",
      "c:ActivationChannel",
      "c:CommercialId",
      "r:CurrentBranch",
      "f:FlightingBranchName",
      "c:IsCloudDomainJoined",
      "c:IsDomainJoined",
      "t:IsTestLab",
      "OSVersion",
      "c:SCCMClientID",
      "c:TelemetryLevel",
      "r:FlightingOptOutState"
    ],
    "WOSC": [
      "t:DeviceFamily",
      "f:FlightRing",
      "f:IsFlightingEnabled",
      "t:IsMsftOwned",
      "t:LocalDeviceID",
      "t:OSSkuId",
      "c:OSUILocale",
      "t:OSVersionFull",
      "c:TelemetryLevel",
      "r:IsHybridOrXGpu",
      "r:PlayFabPartyRelay",
      "OSVersion",
      "n:IsMicrosoftAAD",
      "r:WOSCEndpointsSupported",
      "r:FIDTSRan"
    ],
    "WPSHIFT": [
      "+MTP"
    ],
    "WU": [
      "+WU_OS",
      "r:DUInternal"
    ],
    "_WU_AV": [
      "r:AvastReg",
      "r:AvastBlackScreen",
      "v:AvastVer",
      "r:AvgReg",
      "v:AvgVer",
      "r:EsetReg",
      "v:EsetVer",
      "r:KasperskyReg",
      "v:KasperskyVer",
      "v:SymantecVer",
      "r:TencentReg",
      "r:TencentType",
      "r:AhnlabInstalledKey",
      "r:AvastInstalledKey",
      "r:AVGInstalledKey",
      "r:AviraInstalledKey",
      "r:BullguardInstalledKey",
      "r:ESETInstalledKey",
      "r:ESTSecurityInstalledKey",
      "r:FSecureInstalledKey",
      "v:GDataInstalledVer",
      "r:K7InstalledKey",
      "r:KasperskyInstalledKey",
      "r:KingsoftInstalledKey",
      "r:LenovoInstalledKey",
      "r:MalwarebytesInstalledKey",
      "r:McAfeeInstalledKey",
      "r:PandaInstalledKey",
      "r:QuickhealInstalledKey1",
      "r:SophosInstalledKey1",
      "r:SymantecInstalledKey",
      "r:TencentInstalledKey",
      "r:ThreatTrackInstalledKey",
      "r:TrendInstalledKey",
      "r:WebrootInstalledKey",
      "v:K7InstalledVer"
    ],
    "_WU_COMMON": [
      "r:CurrentBranch",
      "r:DefaultUserRegion",
      "DeviceFamily",
      "r:DriverPartnerRing",
      "r:FlightContent",
      "f:FlightingBranchName",
      "f:FlightRing",
      "HoloLens",
      "c:InstallationType",
      "c:InstallLanguage",
      "f:IsFlightingEnabled",
      "r:IsFlightingEnabled",
      "c:MobileOperatorCommercialized",
      "OEMModel",
      "OEMName_Uncleaned",
      "r:OemPartnerRing",
      "OSArchitecture",
      "OSVersion",
      "t:OSSkuId",
      "c:OSUILocale",
      "c:ProcessorManufacturer",
      "r:ReleaseType",
      "v:SkypeRoomSystem",
      "t:SMode",
      "c:TelemetryLevel",
      "r:WindowsMixedReality",
      "v:WuClientVer",
      "p:DucPublisherId",
      "p:DucDeviceModelId",
      "p:DucOemPartnerRing",
      "p:DucCustomPackageId",
      "p:DesiredOsVersion",
      "p:DesiredSystemManifestVersion",
      "r:TenantId"
    ],
    "_WU_FB": [
      "u:BranchReadinessLevel",
      "u:DeferQualityUpdatePeriodInDays",
      "u:DeferFeatureUpdatePeriodInDays",
      "r:PausedFeatureStatus",
      "r:PausedQualityStatus",
      "u:TargetReleaseVersion",
      "r:QUDeadline",
      "r:UpdatePreference",
      "r:UpdateOfferedDays",
      "u:TargetProductVersion",
      "DSS_Enrolled",
      "r:NonSecurityUpdate",
      "u:AdminOptedIntoRebootlessUpdates"
    ],
    "WU_OS": [
      "+_WU_OS_CORE",
      "+_WU_FB"
    ],
    "_WU_OS_CORE": [
      "+_WU_COMMON",
      "+_WU_AV",
      "r:AhnLabKeyboard",
      "a:Bios",
      "r:BlockFeatureUpdates",
      "c:CommercialId",
      "a:DataVer_RS5",
      "r:DisconnectedStandby",
      "r:DchuNvidiaGrfxExists",
      "r:DchuNvidiaGrfxVen",
      "r:DchuIntelGrfxExists",
      "r:DchuIntelGrfxVen",
      "r:DchuAmdGrfxExists",
      "r:DchuAmdGrfxVen",
      "c:FirmwareVersion",
      "a:Free",
      "a:GStatus_RS3",
      "a:GStatus_RS4",
      "a:GStatus_RS5",
      "r:HidOverGattReg",
      "r:InstallDate",
      "c:IsDeviceRetailDemo",
      "c:IsPortableOperatingSystem",
      "IsVM",
      "c:OEMModelBaseBoard",
      "r:OobeSeeker",
      "r:OSRollbackBuild",
      "r:OSRollbackCount",
      "r:OSRollbackDate",
      "PhoneTargetingName",
      "r:PonchAllow",
      "r:PonchBlock",
      "c:ProcessorIdentifier",
      "r:RecoveredFromBuild",
      "r:RecoveredOnDate",
      "r:Steam",
      "v:TobiiVer",
      "v:TrendMicroVer",
      "r:UninstallActive",
      "l:UpdateManagementGroup",
      "a:UpgEx_RS3",
      "a:UpgEx_RS4",
      "a:UpgEx_RS5",
      "a:Version_RS5",
      "r:DisableWUfBOfferBlock",
      "a:UpgEx_19H1",
      "a:SdbVer_19H1",
      "a:GStatus_19H1",
      "a:GStatus_19H1Setup",
      "a:TimestampEpochString_19H1Setup",
      "a:GenTelRunTimestamp_19H1",
      "a:DataExpDateEpoch_19H1",
      "u:EnableWUfBUpgradeGates",
      "r:GStatusBlockIDs_All",
      "TimestampDelta_19H1Subtract19H1Setup",
      "DataExpDateDelta_19H1Subtract19H1Setup",
      "a:DataExpDateEpoch_19H1Setup",
      "a:TimestampEpochString_19H1",
      "r:IsContainerMgrInstalled",
      "r:IsWDAGEnabled",
      "r:MTPTargetingInfo",
      "r:EKB19H2InstallCount",
      "r:EKB19H2UnInstallCount",
      "r:EKB19H2InstallTimeEpoch",
      "r:EKB19H2UnInstallTimeEpoch",
      "r:BlockEdgeWithChromiumUpdate",
      "r:IsWDATPEnabled",
      "r:IsAutopilotRegistered",
      "r:EdgeWithChromiumInstallVersion",
      "r:EdgeWithChromiumInstallFailureCount",
      "r:IsEdgeWithChromiumInstalled",
      "r:KioskMode",
      "c:IsCloudDomainJoined",
      "c:IsDomainJoined",
      "a:DataExpDateEpoch_20H1",
      "a:DataExpDateEpoch_20H1Setup",
      "a:GStatus_20H1",
      "a:GStatus_20H1Setup",
      "a:SdbVer_20H1",
      "a:TimestampEpochString_20H1",
      "a:TimestampEpochString_20H1Setup",
      "DataExpDateDelta_20H1Subtract20H1Setup",
      "TimestampDelta_20H1Subtract20H1Setup",
      "a:UpgEx_20H1",
      "r:AutopilotUpdateInProgress",
      "r:UHSEnrolled",
      "r:HotPatchEKBInstalled",
      "r:LCUVer",
      "c:isCommercial",
      "c:ActivationChannel",
      "c:IsMDMEnrolled",
      "c:SCCMClientID",
      "r:ChinaTypeApproval_CTA",
      "p:DesiredOcpVersion",
      "r:UpgradeEligible",
      "r:AllowInPlaceUpgrade",
      "r:SH_SIPolicyCleanup",
      "r:FeatureUpdateDeadline",
      "a:DataExpDateEpoch_21H1",
      "a:UpgEx_CO21H2",
      "a:GStatus_21H1",
      "DataExpDateDelta_21H1Subtract20H1Setup",
      "TimestampDelta_21H1Subtract20H1Setup",
      "a:TimestampEpochString_21H1",
      "r:OEMSubModel",
      "c:ProcessorModel",
      "c:TPMVersion",
      "r:StayOnWindows10Timestamp",
      "a:GStatus_CO21H2Setup",
      "TimestampDelta_CO21H2SubtractCO21H2Setup",
      "DataExpDateDelta_CO21H2SubtractCO21H2Setup",
      "a:TimestampEpochString_CO21H2Setup",
      "a:DataExpDateEpoch_CO21H2Setup",
      "a:TimestampEpochString_CO21H2",
      "a:DataExpDateEpoch_CO21H2",
      "a:GStatus_CO21H2",
      "p:SetPolicyDrivenUpdateSourceForFeatureUpdates",
      "r:DchuNvidiaGrfxVenTest",
      "a:DataExpDateDelta_21H2Subtract20H1Setup",
      "a:TimestampEpochString_21H2",
      "a:TimestampDelta_21H2Subtract20H1Setup",
      "a:GStatus_21H2",
      "a:DataExpDateEpoch_21H2",
      "r:DSS_Enrolled_DF",
      "r:UpgradeAccepted",
      "r:SetupDisplayedEulaVersion",
      "c:ProcessorCores",
      "c:ProcessorClockSpeed",
      "c:TotalPhysicalRAM",
      "c:SecureBootCapable",
      "c:PrimaryDiskTotalCapacity",
      "r:BitDefenderInstalledKey",
      "r:BroadcomInstalledKey",
      "v:CrowdStrikeInstalledVer",
      "r:QihooInstalledKey",
      "r:Win11UpgradeAcceptedTimestamp",
      "a:UpgEx_NI22H2",
      "r:OobeNdupAcceptedTarget",
      "r:OobeNdupFU22621CommitChoice",
      "a:DataExpDateEpoch_NI22H2",
      "a:GStatus_NI22H2",
      "a:GStatus_NI22H2Setup",
      "a:TimestampEpochString_NI22H2Setup",
      "TimestampDelta_NI22H2SubtractNI22H2Setup",
      "DataExpDateDelta_NI22H2SubtractNI22H2Setup",
      "a:DataExpDateEpoch_NI22H2Setup",
      "a:TimestampEpochString_NI22H2",
      "r:IsVbsEnabled",
      "r:FODRetryPending",
      "r:UserInPlaceUpgrade",
      "v:HidparseDriversVer",
      "v:HidparseSystem32Ver",
      "v:HidparseSystem32Ver1",
      "r:CIOptin",
      "r:FlightingOptOutState",
      "p:WSUSconfigured_csp",
      "a:UpgEx_NI22H2Setup",
      "a:UpgEx_CO21H2Setup",
      "u:WUfBClientManaged",
      "u:UpdateServiceUrl",
      "u:AllowOptionalContent",
      "FX_FlightIds",
      "DL_OSVersion",
      "r:ExpPkgs",
      "r:UUSVersion",
      "MX_FlightIds",
      "r:OobeNdupFUTarget",
      "a:GStatus_NI23H2",
      "a:DataExpDateEpoch_NI23H2",
      "a:TimestampEpochString_NI23H2",
      "DataExpDateDelta_NI23H2SubtractNI22H2Setup",
      "TimestampDelta_NI23H2SubtractNI22H2Setup",
      "r:LaunchUserOOBE",
      "r:RobloxPlayer",
      "r:RobloxStudio",
      "c:VBSState",
      "r:ARCHotpatchAttached_State",
      "r:MDEWSLPluginReleaseRing",
      "r:SystemGuard_Enabled",
      "u:AdminOptedIntoRebootlessUpdates",
      "r:LaunchOobeInEndUserSession",
      "r:MDE4WSLPluginReleaseRing",
      "r:AdminOptedIntoRebootlessUpdates_Server",
      "r:IsRemoteDesktopSessionHost",
      "a:UpgEx_GE24H2",
      "s:IsA9CapablePC",
      "a:UpgEx_GE24H2Setup",
      "r:ProductType",
      "a:DataExpDateEpoch_GE24H2",
      "DataExpDateDelta_GE24H2SubtractGE24H2Setup",
      "a:DataExpDateEpoch_GE24H2Setup",
      "a:GStatus_GE24H2",
      "a:GStatus_GE24H2Setup",
      "a:TimestampEpochString_GE24H2",
      "TimestampDelta_GE24H2SubtractGE24H2Setup",
      "a:TimestampEpochString_GE24H2Setup",
      "q:AIFabricCBSStableVer",
      "c:IsVirtualDevice",
      "a:SdbVer_GE24H2",
      "r:HotpatchError",
      "r:CHPE_Disabled",
      "r:MSRT_NO_AU",
      "r:ClientHash2",
      "r:NPU_DeviceId"
    ],
    "_WU_PTI": [
      "c:FrontFacingCameraResolution",
      "c:RearFacingCameraResolution",
      "c:TotalPhysicalRAM",
      "c:NFCProximity",
      "c:Magnetometer",
      "c:Gyroscope",
      "c:D3DMaxFeatureLevel",
      "c:InternalPrimaryDisplayResolutionHorizontal",
      "c:InternalPrimaryDisplayResolutionVetical"
    ],
    "WU_STORE": [
      "+_WU_COMMON",
      "r:AppChannels",
      "r:AppRMIDs",
      "u:BranchReadinessLevel"
    ]
  },
  "Required": [
    "App",
    "AppVer",
    "AttrDataVer"
  ],
  "Aliases": {
    "AccountFirstChar": "c:MSA_Accounts",
    "aipc": "s:IsA9CapablePC",
    "ccr": "r:ChargeCapacityRatio",
    "ChassisTypeId": "c:ChassisType",
    "CX_FlightIds": "c:CX_FlightIds",
    "DataExpDateDelta_19H1Subtract19H1Setup": "a:DataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup",
    "DataExpDateDelta_20H1Subtract20H1Setup": "a:DataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup",
    "DataExpDateDelta_21H1Subtract20H1Setup": "a:DataExpDateEpoch_21H1_Subtract_DataExpDateEpoch_20H1Setup",
    "DataExpDateDelta_CO21H2SubtractCO21H2Setup": "a:DataExpDateEpoch_CO21H2_Subtract_DataExpDateEpoch_CO21H2Setup",
    "DataExpDateDelta_GE24H2SubtractGE24H2Setup": "a:DataExpDateEpoch_GE24H2_Subtract_DataExpDateEpoch_GE24H2Setup",
    "DataExpDateDelta_NI22H2SubtractNI22H2Setup": "a:DataExpDateEpoch_NI22H2_Subtract_DataExpDateEpoch_NI22H2Setup",
    "DataExpDateDelta_NI23H2SubtractNI22H2Setup": "a:DataExpDateEpoch_NI23H2_Subtract_DataExpDateEpoch_NI22H2Setup",
    "devfm": "c:DeviceForm",
    "deviceClass": "DeviceFamily",
    "deviceId": "t:LocalDeviceID",
    "DeviceId": "t:LocalDeviceID",
    "DL_OSVersion2": "DL_OSVersion",
    "drgng": "r:DurableDeviceRegionGeo",
    "DSS_Enrolled": "r:DSS_Enrolled_State",
    "EdgeStableVersion": "r:EdgeStableVersion",
    "expId": "c:FlightIds",
    "FlightRing": "f:FlightRing",
    "FX_FlightIds": "c:FlightIds",
    "iepe": "g:IsCampaignEdgePromotionEnabled",
    "iste": "g:IsCampaignSegmentTargetingEnabled",
    "IsVM": "a:ISVM",
    "IX_FlightIds": "c:FlightIds",
    "locale": "c:OSUILocale",
    "ms": "t:IsMsftOwned",
    "MX_FlightIds": "c:FlightIds",
    "OEMModel": "c:OEMModelNumber",
    "oemname": "r:SystemManufacturer",
    "OEMName_Uncleaned": "c:OEMManufacturerName",
    "osVer": "t:OSVersionFull",
    "OSVersionFull": "t:OSVersionFull",
    "PhoneTargetingName": "c:OEMModelName",
    "prccn": "c:ProcessorCores",
    "prccs": "c:ProcessorClockSpeed",
    "prcmf": "c:ProcessorManufacturer",
    "procm": "c:ProcessorModel",
    "ram": "c:TotalPhysicalRAM",
    "ring": "f:FlightRing",
    "sampleId": "t:PopVal",
    "sku": "t:OSSkuId",
    "smbiosdm": "r:SystemProductName",
    "TimestampDelta_19H1Subtract19H1Setup": "a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup",
    "TimestampDelta_20H1Subtract20H1Setup": "a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup",
    "TimestampDelta_21H1Subtract20H1Setup": "a:TimestampEpochString_21H1_Subtract_TimestampEpochString_20H1Setup",
    "TimestampDelta_CO21H2SubtractCO21H2Setup": "a:TimestampEpochString_CO21H2_Subtract_TimestampEpochString_CO21H2Setup",
    "TimestampDelta_GE24H2SubtractGE24H2Setup": "a:TimestampEpochString_GE24H2_Subtract_TimestampEpochString_GE24H2Setup",
    "TimestampDelta_NI22H2SubtractNI22H2Setup": "a:TimestampEpochString_NI22H2_Subtract_TimestampEpochString_NI22H2Setup",
    "TimestampDelta_NI23H2SubtractNI22H2Setup": "a:TimestampEpochString_NI23H2_Subtract_TimestampEpochString_NI22H2Setup",
    "W10ESU": "r:Win10ConsumerESUStatus"
  },
  "Fallback": {
    "r:AhnlabInstalledKey": "r:AhnlabInstalledWowKey",
    "r:AvastBlackScreen": "r:AvgBlackScreen",
    "r:AvastInstalledKey": "r:AvastInstalledWowKey",
    "r:AVGInstalledKey": "r:AVGInstalledWowKey",
    "r:AviraInstalledKey": "r:AviraInstalledWowKey",
    "a:Bios": "a:Bios_RS3",
    "a:Bios_RS3": "a:Bios_RS4",
    "a:Bios_RS4": "a:Bios_RS5",
    "r:BlockFeatureUpdates": "r:BlockWUUpgrades",
    "r:BlockWUUpgrades": "r:BlockWUUpgradesWow",
    "r:BuildFID": "r:BuildFID_WCOS",
    "r:BuildFID_WCOS": "r:BuildFID_WCOS2",
    "r:BullguardInstalledKey": "v:BullguardInstalledVer",
    "a:DataExpDateEpoch_CO21H2": "r:DataExpDateEpoch_CO21H2RegFb",
    "r:DchuAmdGrfxVen": "r:DchuAmdGrfxVen2",
    "r:DchuAmdGrfxVen2": "r:DchuAmdGrfxDeletePending",
    "r:DchuIntelGrfxDeletePending": "r:DchuIntelGrfxNExists",
    "r:DchuIntelGrfxVen": "r:DchuIntelGrfxVen2",
    "r:DchuIntelGrfxVen2": "r:DchuIntelGrfxDeletePending",
    "r:DchuNvidiaGrfxVen": "r:DchuNvidiaGrfxVen2",
    "r:DchuNvidiaGrfxVen2": "r:DchuNvidiaGrfxDeletePending",
    "DL_OSVersion": "OSVersion",
    "r:DriverPartnerRing": "r:OSDataDriverPartnerRing",
    "r:EdgeStableOPV_Native": "r:EdgeStablePV_Native",
    "r:EdgeStablePV_WOW6432": "r:EdgeStableOPV_Native",
    "r:EdgeStableVersion": "r:EdgeStablePV_WOW6432",
    "r:EdgeWithChromiumInstallFailureCount": "r:EdgeWithChromiumInstallFailureCountWow",
    "r:EdgeWithChromiumInstallVersion": "r:EdgeWithChromiumInstallVersionWow",
    "u:EnableWUfBUpgradeGates": "r:EnableWUfBUpgradeGatesRS5",
    "r:ESETInstalledKey": "r:ESETInstalledWowKey",
    "r:ESTSecurityInstalledKey": "r:ESTSecurityInstalledWowKey",
    "f:FlightingBranchName": "c:FlightingBranchName",
    "a:Free": "a:Free_RS3",
    "a:Free_RS3": "a:Free_RS4",
    "a:Free_RS4": "a:Free_RS5",
    "r:FSecureInstalledKey": "r:FSecureInstalledWowKey",
    "a:GatedFeature_NI22H2": "r:Migrated_GatedFeature_NI22H2Setup",
    "a:GStatus_CO21H2": "r:GStatus_CO21H2RegFb",
    "HoloLens": "r:WindowsMixedReality",
    "r:IsEdgeWithChromiumInstalled": "r:IsEdgeWithChromiumInstalledWow",
    "a:ISVM": "a:ISVM_RS3",
    "a:ISVM_RS3": "a:ISVM_RS4",
    "a:ISVM_RS4": "a:ISVM_RS5",
    "r:K7InstalledKey": "r:K7InstalledWowKey",
    "r:KasperskyInstalledKey": "r:KasperskyInstalledWowKey",
    "r:KingsoftInstalledKey": "r:KingsoftInstalledWowKey",
    "r:LenovoInstalledKey": "r:LenovoInstalledWowKey",
    "r:MalwarebytesInstalledKey": "r:MalwarebytesInstalledWowKey",
    "r:McAfeeInstalledKey": "r:McAfeeInstalledWowKey",
    "r:Migrated_GatedFeature_NI22H2Setup": "r:Migrated_GatedFeature_NI22H2",
    "c:OEMModelBaseBoard": "r:OEMModelBaseBoard",
    "r:PandaInstalledKey": "r:PandaInstalledWowKey",
    "r:PandaInstalledWowKey": "v:PandaInstalledVer",
    "r:PonchAllow": "r:PonchAllowKey",
    "r:PonchAllowKey": "r:PonchAllowWow",
    "r:PonchAllowWow": "r:PonchAllowWowKey",
    "r:QUDeadline": "r:QUDeadlineMDM",
    "r:QuickhealInstalledKey1": "r:QuickhealInstalledKey2",
    "r:SophosInstalledKey1": "r:SophosInstalledKey2",
    "r:SymantecInstalledKey": "r:SymantecInstalledWowKey",
    "v:SymantecVer": "v:SymantecVer64",
    "u:TargetReleaseVersion": "r:TargetReleaseVersionGP",
    "r:TargetReleaseVersionGP": "r:TargetReleaseVersionMDM",
    "r:TencentInstalledKey": "r:TencentInstalledWowKey",
    "r:ThreatTrackInstalledKey": "r:ThreatTrackInstalledWowKey",
    "a:TimestampEpochString_CO21H2": "r:TimestampEpochString_CO21H2RegFb",
    "v:TobiiVer": "v:TobiiVerx86",
    "v:TobiiVerx86": "v:TobiiVer1x86",
    "r:TrendInstalledKey": "r:TrendInstalledWowKey",
    "r:TrendInstalledWowKey": "v:TrendInstalledVer",
    "a:UpgEx_CO21H2": "r:UpgEx_CO21H2RegFb",
    "r:UpgradeAccepted": "r:Win11UpgradeAcceptedWUSeeker",
    "r:WebExperience": "r:WebExperienceWow",
    "r:WebrootInstalledKey": "r:WebrootInstalledWowKey"
  },
  "Transform": {
    "AccountFirstChar": {
      "SubLength": 1
    },
    "CX_FlightIds": {
      "Regex": "CX:[^,]*",
      "RegexDelimiter": ","
    },
    "FlightingOptOutState": {
      "Ignore": [
        "0"
      ]
    },
    "FX_FlightIds": {
      "Regex": "FX:[^,]*",
      "RegexDelimiter": ","
    },
    "IppPrinterBadDefaultPdc": {
      "Contains": "V4_No_ChangeID_Present"
    },
    "aipc": {
      "Ignore": [
        "0"
      ]
    },
    "IsDomainJoined": {
      "Ignore": [
        "0"
      ]
    },
    "IsHybridOrXGpu": {
      "Ignore": [
        "0"
      ]
    },
    "IsMsftOwned": {
      "Ignore": [
        "0"
      ]
    },
    "IsPortableOperatingSystem": {
      "Ignore": [
        "0"
      ]
    },
    "IsRemoteDesktopSessionHost": {
      "Contains": "ServerRdsh"
    },
    "IsTestLab": {
      "Ignore": [
        "0"
      ]
    },
    "IsVM": {
      "Ignore": [
        "0"
      ]
    },
    "IX_FlightIds": {
      "Regex": "IX:[^,]*",
      "RegexDelimiter": ","
    },
    "MX_FlightIds": {
      "Regex": "ME:[^,]*|MD:[^,]*",
      "RegexDelimiter": ","
    },
    "OEMModel": {
      "SubLength": 100
    },
    "OEMName_Uncleaned": {
      "SubLength": 100
    },
    "PausedFeatureStatus": {
      "Ignore": [
        "0"
      ]
    },
    "PausedQualityStatus": {
      "Ignore": [
        "0"
      ]
    },
    "PSAKyoceraInstalledName": {
      "Contains": "A97ECD55.KYOCERAPrintCenter"
    },
    "PSATATriumphInstalledName": {
      "Contains": "TATriumph-AdlerGmbH.TAUTAXPrintCenter"
    },
    "SMode": {
      "Ignore": [
        "0"
      ]
    },
    "StayOnWindows10Timestamp": {
      "SubLength": -3,
      "Ignore": [
        ""
      ]
    },
    "XeroxPsaInstalledName": {
      "Contains": "XeroxCorp.PrintExperience"
    }
  },
  "Registry": {
    "AADBrokerPluginNotRegistered": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsMitigationData\\AADBrokerPluginNotRegistered",
      "IfExists": true
    },
    "AADTenantId": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\CCM",
      "ValueName": "AadTenantId"
    },
    "ActiveHoursEnd": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "ActiveHoursEnd",
      "RegValueType": "REG_DWORD"
    },
    "ActiveHoursStart": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "ActiveHoursStart",
      "RegValueType": "REG_DWORD"
    },
    "AdminOptedIntoRebootlessUpdates_Server": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\Hotpatch\\Environment",
      "ValueName": "AllowRebootlessUpdates",
      "RegValueType": "REG_DWORD"
    },
    "AgileBits1PasswordPluginAuthenticator": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Classes\\PackagedCom\\ClassIndex\\{3C37BDFA-BB51-4FBF-9FCE-082C9DB98DE4}",
      "IfExists": true
    },
    "AhnlabInstalledKey": {
      "FullPath": "SOFTWARE\\Ahnlab",
      "IfExists": true
    },
    "AhnlabInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Ahnlab",
      "IfExists": true
    },
    "AhnLabKeyboard": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt",
      "ValueName": "NbTpMsExist"
    },
    "AllowInPlaceUpgrade": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion",
      "ValueName": "AllowInPlaceUpgrade",
      "RegValueType": "REG_DWORD"
    },
    "AllowUpgradesWithUnsupportedTPMOrCPU": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\MoSetup",
      "ValueName": "AllowUpgradesWithUnsupportedTPMOrCPU",
      "RegValueType": "REG_DWORD"
    },
    "AndroidUserOptinValue": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mobility\\",
      "ValueName": "OptedIn",
      "RegValueType": "REG_DWORD"
    },
    "AppChannels": {
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
      "ValueName": "ChannelId",
      "EncodingType": "Json"
    },
    "AppRMIDs": {
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
      "ValueName": "ReleaseManagementId",
      "EncodingType": "Json"
    },
    "ARCHotpatchAttached_State": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Azure Connected Machine Agent\\Windows\\Licenses\\Features\\Hotpatch",
      "ValueName": "Subscription",
      "RegValueType": "REG_DWORD"
    },
    "AutopilotUpdateInProgress": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate",
      "ValueName": "AutopilotUpdateInProgress",
      "RegValueType": "REG_DWORD"
    },
    "AvastBlackScreen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
      "ValueName": "Win10-1803"
    },
    "AvastInstalledKey": {
      "FullPath": "SOFTWARE\\Avast Software\\Avast",
      "IfExists": true
    },
    "AvastInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Avast Software\\Avast",
      "IfExists": true
    },
    "AvastReg": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
      "ValueName": "QualityCompat"
    },
    "AvgBlackScreen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
      "ValueName": "Win10-1803"
    },
    "AVGInstalledKey": {
      "FullPath": "SOFTWARE\\AVG\\Antivirus",
      "IfExists": true
    },
    "AVGInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\AVG\\Antivirus",
      "IfExists": true
    },
    "AvgReg": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
      "ValueName": "QualityCompat"
    },
    "AviraInstalledKey": {
      "FullPath": "SOFTWARE\\X-AVCSD\\Workstation\\Antivirus",
      "IfExists": true
    },
    "AviraInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus",
      "IfExists": true
    },
    "BaseBoardManufacturer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
      "ValueName": "BaseBoardManufacturer"
    },
    "BitDefenderInstalledKey": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}",
      "IfExists": true
    },
    "BlockEdgeWithChromiumUpdate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "DoNotUpdateToEdgeWithChromium",
      "RegValueType": "REG_DWORD"
    },
    "BlockFeatureUpdates": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade",
      "ValueName": "BlockFeatureUpdates",
      "RegValueType": "REG_DWORD"
    },
    "BlockWUUpgrades": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile",
      "ValueName": "BlockWUUpgrades",
      "RegValueType": "REG_DWORD"
    },
    "BlockWUUpgradesWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile",
      "ValueName": "BlockWUUpgrades",
      "RegValueType": "REG_DWORD"
    },
    "BroadcomInstalledKey": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Symantec\\Symantec Endpoint Protection",
      "IfExists": true
    },
    "BuildFID": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BuildFID_WCOS": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BuildFID_WCOS2": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BullguardInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard",
      "IfExists": true
    },
    "BypassNRO": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE",
      "ValueName": "BypassNRO",
      "RegValueType": "REG_DWORD"
    },
    "ChargeCapacityRatio": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\HealthSignals",
      "ValueName": "ChargeCapacityRatio",
      "RegValueType": "REG_DWORD"
    },
    "ChinaTypeApproval_CTA": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeviceAccess",
      "ValueName": "ActivePolicyCode",
      "RegValueType": "REG_SZ"
    },
    "CHPE_Disabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management",
      "ValueName": "HotPatchRestrictions",
      "RegValueType": "REG_DWORD"
    },
    "CIOptin": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "IsContinuousInnovationOptedIn",
      "RegValueType": "REG_DWORD"
    },
    "ClientHash2": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\SLS",
      "ValueName": "ClientHash2",
      "RegValueType": "REG_DWORD"
    },
    "CloudFilesFilter": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\CldFlt\\Instances\\",
      "ValueName": "DefaultInstance",
      "RegValueType": "REG_SZ"
    },
    "CurrentBranch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "BuildBranch",
      "RegValueType": "REG_SZ"
    },
    "DataExpDateEpoch_CO21H2RegFb": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
      "ValueName": "DataExpDateEpoch",
      "RegValueType": "REG_SZ"
    },
    "DaysSince19H1FUOffer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin",
      "ValueName": "DaysSinceLastOffer",
      "RegValueType": "REG_QWORD"
    },
    "DchuAmdGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "ValueName": "DriverDelete"
    },
    "DchuAmdGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "IfExists": true
    },
    "DchuAmdGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "ValueName": "DCHUVen"
    },
    "DchuAmdGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DchuIntelGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "ValueName": "DriverDelete"
    },
    "DchuIntelGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "IfExists": true
    },
    "DchuIntelGrfxNExists": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfxn",
      "IfExists": true
    },
    "DchuIntelGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "ValueName": "DCHUVen"
    },
    "DchuIntelGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DchuNvidiaGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "ValueName": "DriverDelete"
    },
    "DchuNvidiaGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "IfExists": true
    },
    "DchuNvidiaGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "ValueName": "DCHUVen"
    },
    "DchuNvidiaGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DchuNvidiaGrfxVenTest": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "ValueName": "DCHUVenTest",
      "RegValueType": "REG_DWORD"
    },
    "DefaultUserRegion": {
      "HKey": "HKEY_USERS",
      "FullPath": ".DEFAULT\\Control Panel\\International\\Geo",
      "ValueName": "Nation",
      "RegValueType": "REG_SZ"
    },
    "DeviceInfoGatherSuccessful": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing",
      "ValueName": "DeviceInfoGatherSuccessful",
      "RegValueType": "REG_DWORD"
    },
    "DisableWUfBOfferBlock": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "DisableWUfBOfferBlock",
      "RegValueType": "REG_DWORD"
    },
    "DisconnectedStandby": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\Power",
      "ValueName": "EnforceDisconnectedStandby",
      "RegValueType": "REG_DWORD"
    },
    "DotNetMissingComponentsTroubleshooterSuccess": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\.NETFramework",
      "ValueName": "DotNetMissingComponentsTroubleshooterSuccess",
      "RegValueType": "REG_DWORD"
    },
    "DriverPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "DSS_Enrolled_DF": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\WindowsUpdate",
      "ValueName": "WUfBDF",
      "RegValueType": "REG_DWORD"
    },
    "DSS_Enrolled_State": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WufbDS",
      "ValueName": "enrollmenttype",
      "RegValueType": "REG_SZ"
    },
    "DUInternal": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\MoSetup",
      "ValueName": "DynamicUpdateInternalTest",
      "RegValueType": "REG_DWORD"
    },
    "DurableDeviceRegionGeo": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Control Panel\\DeviceRegion",
      "ValueName": "DeviceRegion",
      "RegValueType": "REG_DWORD"
    },
    "EdgeStableOPV_Native": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "ValueName": "opv",
      "RegValueType": "REG_SZ"
    },
    "EdgeStablePV_Native": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "ValueName": "pv",
      "RegValueType": "REG_SZ"
    },
    "EdgeStablePV_WOW6432": {
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "ValueName": "pv",
      "RegValueType": "REG_SZ"
    },
    "EdgeStableVersion": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "ValueName": "opv",
      "RegValueType": "REG_SZ"
    },
    "EdgeWithChromiumInstallFailureCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateAttempts"
    },
    "EdgeWithChromiumInstallFailureCountWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateAttempts"
    },
    "EdgeWithChromiumInstallVersion": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateVersion"
    },
    "EdgeWithChromiumInstallVersionWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateVersion"
    },
    "EKB19H2InstallCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
      "ValueName": "Count"
    },
    "EKB19H2InstallTimeEpoch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
      "ValueName": "Timestamp"
    },
    "EKB19H2UnInstallCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
      "ValueName": "Count"
    },
    "EKB19H2UnInstallTimeEpoch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
      "ValueName": "Timestamp"
    },
    "EnableCloudManagedIDS": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\IDS",
      "ValueName": "EnableCloudManagedIDS"
    },
    "EnableWUfBUpgradeGatesRS5": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0",
      "ValueName": "DataRequireGatedScanForFeatureUpdates",
      "RegValueType": "REG_DWORD"
    },
    "ESETInstalledKey": {
      "FullPath": "SOFTWARE\\ESET\\ESET Security",
      "IfExists": true
    },
    "ESETInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\ESET\\ESET Security",
      "IfExists": true
    },
    "EsetReg": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters",
      "ValueName": "WindowsCompatibilityLevel",
      "RegValueType": "REG_DWORD"
    },
    "ESTSecurityInstalledKey": {
      "FullPath": "SOFTWARE\\ESTsoft",
      "IfExists": true
    },
    "ESTSecurityInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\ESTsoft",
      "IfExists": true
    },
    "ExpPkgs": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
      "ValueName": "ExpPkgs",
      "RegValueType": "REG_SZ"
    },
    "ExpStates": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\FIDs",
      "ValueName": "PreviewConfigs",
      "RegValueType": "REG_SZ"
    },
    "FeatureUpdateDeadline": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\",
      "ValueName": "ConfigureDeadlineForFeatureUpdates",
      "RegValueType": "REG_DWORD"
    },
    "FIDTSRan": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build\\TS_Crash_56093636_Logs",
      "ValueName": "LastHr"
    },
    "FlightContent": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
      "ValueName": "ContentType",
      "RegValueType": "REG_SZ"
    },
    "FlightingOptOutState": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\UI\\Selection",
      "ValueName": "OptOutState",
      "RegValueType": "REG_DWORD"
    },
    "FODRetryPending": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing",
      "ValueName": "FODRetry",
      "RegValueType": "REG_DWORD"
    },
    "FSecureInstalledKey": {
      "FullPath": "SOFTWARE\\F-Secure\\OneClient",
      "IfExists": true
    },
    "FSecureInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\F-Secure\\OneClient",
      "IfExists": true
    },
    "FSRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
      "ValueName": "FSRing",
      "RegValueType": "REG_SZ"
    },
    "GamingServicesInstalledKey": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\GamingServices",
      "IfExists": true
    },
    "GridZoneName": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\COAWOS",
      "ValueName": "GridZoneName",
      "RegValueType": "REG_SZ",
      "PersistedSourceId": "COAWOSRoot"
    },
    "GStatus_CO21H2RegFb": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
      "ValueName": "GStatus",
      "RegValueType": "REG_SZ"
    },
    "GStatusBlockIDs_All": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX",
      "ValueName": "SdbEntries",
      "RegValueType": "REG_SZ"
    },
    "HidOverGattReg": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll",
      "ValueName": "Source",
      "RegValueType": "REG_SZ"
    },
    "HotPatchEKBInstalled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64",
      "IfExists": true
    },
    "HotpatchError": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\Hotpatch\\Environment",
      "ValueName": "HotpatchError",
      "RegValueType": "REG_DWORD"
    },
    "IIS_ASPNET": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-ASPNET",
      "ValueName": "Selection",
      "RegValueType": "REG_DWORD"
    },
    "IIS_NetFxExtensibility": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-NetFxExtensibility",
      "ValueName": "Selection",
      "RegValueType": "REG_DWORD"
    },
    "InstallDate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "InstallDate",
      "RegValueType": "REG_DWORD"
    },
    "IntelPlatformId": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
      "ValueName": "Platform Specific Field 1",
      "RegValueType": "REG_DWORD"
    },
    "IppPrinterBadDefaultPdc": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\*\\PrinterDriverData",
      "ValueName": "V4_PDC_ChangeID",
      "RegValueType": "REG_SZ",
      "EncodingType": "Json"
    },
    "IsAutopilotRegistered": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache",
      "ValueName": "ProfileAvailable",
      "RegValueType": "REG_DWORD"
    },
    "IsFlightingEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
      "ValueName": "IsBuildFlightingEnabled",
      "RegValueType": "REG_DWORD"
    },
    "IsCHCapableBuild": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "CLSID\\{2C57C51B-FD43-4E74-B077-551AE6228AD6}",
      "IfExists": true
    },
    "IsCldFltSyncRoots": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*",
      "IfExists": true
    },
    "IsConfigMgrEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\ClientState",
      "ValueName": "ConfigMgrEnabled",
      "RegValueType": "REG_DWORD"
    },
    "IsContainerMgrInstalled": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService",
      "IfExists": true
    },
    "IsEdgeWithChromiumInstalled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "IsEdgeWithChromiumInstalledWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "IsFeedbackHubSelfhost": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\Partners\\IsFeedbackHubSelfhost",
      "IfExists": true
    },
    "IsFSOverlay": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\GlobMerger",
      "ValueName": "IsEnabled",
      "RegValueType": "REG_DWORD"
    },
    "IsHybridOrXGpu": {
      "FullPath": "SOFTWARE\\Microsoft\\DirectX",
      "ValueName": "HybridDeviceApplicableForDxDbGpuPreferences"
    },
    "IsProcessorMode": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\RegionalSettings",
      "ValueName": "IsProcessorMode",
      "RegValueType": "REG_QWORD"
    },
    "IsRemoteDesktopSessionHost": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "EditionID",
      "RegValueType": "REG_SZ"
    },
    "IsSpotlightEnabledInOEMTheme": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes",
      "ValueName": "WindowsSpotlight",
      "RegValueType": "REG_DWORD"
    },
    "IsSpotlightThemeEnabledByOEM": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DesktopOptimization",
      "ValueName": "WindowsSpotlightTheme",
      "RegValueType": "REG_DWORD"
    },
    "IsVbsEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\ControlSet001\\Control\\DeviceGuard",
      "ValueName": "EnableVirtualizationBasedSecurity",
      "RegValueType": "REG_DWORD"
    },
    "IsWDAGEnabled": {
      "FullPath": "SYSTEM\\ControlSet001\\Services\\hvsics",
      "IfExists": true
    },
    "IsWDATPEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status",
      "ValueName": "OnboardingState"
    },
    "K7InstalledKey": {
      "FullPath": "SOFTWARE\\K7 Computing",
      "IfExists": true
    },
    "K7InstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\K7 Computing",
      "IfExists": true
    },
    "KasperskyInstalledKey": {
      "FullPath": "SOFTWARE\\KasperskyLab",
      "IfExists": true
    },
    "KasperskyInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\KasperskyLab",
      "IfExists": true
    },
    "KasperskyReg": {
      "FullPath": "System\\CurrentControlSet\\Services\\klhk\\Parameters",
      "ValueName": "UseVtHardware"
    },
    "KingsoftInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
      "IfExists": true
    },
    "KingsoftInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
      "IfExists": true
    },
    "KioskMode": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount",
      "ValueName": "ConfigSource",
      "RegValueType": "REG_DWORD"
    },
    "KnownFoldersBackupStatus": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StorageProviderStatus",
      "ValueName": "OneDrive",
      "RegValueType": "REG_SZ"
    },
    "LaunchOobeInEndUserSession": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\OOBE",
      "ValueName": "ContinueOobeInEnduserSession"
    },
    "LaunchUserOOBE": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\OOBE",
      "ValueName": "LaunchUserOOBE",
      "RegValueType": "REG_DWORD"
    },
    "LCUVer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "LCUVer"
    },
    "LenovoInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
      "IfExists": true
    },
    "LenovoInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
      "IfExists": true
    },
    "MalwarebytesInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
      "IfExists": true
    },
    "MalwarebytesInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
      "IfExists": true
    },
    "McAfeeInstalledKey": {
      "FullPath": "SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
      "IfExists": true
    },
    "McAfeeInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
      "IfExists": true
    },
    "MDE4WSLPluginReleaseRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Microsoft Defender for Endpoint plug-in for WSL",
      "ValueName": "ReleaseRing",
      "RegValueType": "REG_SZ"
    },
    "MDEWSLPluginReleaseRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Lxss\\Plugins\\DefenderPlug-in",
      "ValueName": "ReleaseRing",
      "RegValueType": "REG_SZ"
    },
    "Migrated_GatedFeature_NI22H2": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2",
      "ValueName": "GatedFeatureSingleString",
      "RegValueType": "REG_SZ"
    },
    "Migrated_GatedFeature_NI22H2Setup": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2Setup",
      "ValueName": "GatedFeatureSingleString",
      "RegValueType": "REG_SZ"
    },
    "MSRT_NO_AU": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\MRT",
      "ValueName": "DontOfferThroughWUAU",
      "RegValueType": "REG_DWORD"
    },
    "MTPTargetingInfo": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Platform\\MTPTargetingInfo",
      "ValueName": "TargetRing"
    },
    "NonSecurityUpdate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "NonSecurityRelease",
      "RegValueType": "REG_DWORD"
    },
    "NPU_DeviceId": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\Class\\{f01a9d53-3ff6-48d2-9f97-c8a7004be10c}\\0000",
      "ValueName": "MatchingDeviceId",
      "RegValueType": "REG_SZ"
    },
    "NPUEnabledDevice": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows Media Foundation\\FrameServer\\WindowsCameraEffects",
      "ValueName": "EffectsCameraAvailable",
      "RegValueType": "REG_DWORD"
    },
    "OEMMode": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Office\\16.0\\Common\\OEM",
      "ValueName": "OOBEMode",
      "RegValueType": "REG_SZ"
    },
    "OEMModelBaseBoard": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
      "ValueName": "BaseBoardProduct",
      "RegValueType": "REG_SZ"
    },
    "OemPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Platform\\DeviceTargetingInfo",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "OEMSubModel": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
      "ValueName": "SystemSKU",
      "RegValueType": "REG_SZ"
    },
    "OobeNdupAcceptedTarget": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\NDUP\\Updates",
      "ValueName": "Target",
      "RegValueType": "REG_SZ"
    },
    "OobeNdupFU22621CommitChoice": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22621",
      "ValueName": "CommitChoice",
      "RegValueType": "REG_DWORD"
    },
    "OobeNdupFUTarget": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22631",
      "ValueName": "Target",
      "RegValueType": "REG_SZ"
    },
    "OobeSeeker": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates",
      "ValueName": "OOBEUpdateStarted"
    },
    "OSDataDriverPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "OSRollbackBuild": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "BuildString",
      "RegValueType": "REG_SZ"
    },
    "OSRollbackCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "Count",
      "RegValueType": "REG_DWORD"
    },
    "OSRollbackDate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "DateStamp",
      "RegValueType": "REG_DWORD"
    },
    "PandaInstalledKey": {
      "FullPath": "SOFTWARE\\Panda Software\\Setup",
      "IfExists": true
    },
    "PandaInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Panda Software\\Setup",
      "IfExists": true
    },
    "PausedFeatureStatus": {
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "PausedFeatureStatus"
    },
    "PausedQualityStatus": {
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "PausedQualityStatus"
    },
    "PlayFabPartyRelay": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PlayFabPartyRelay",
      "IfExists": true
    },
    "PonchAllow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
      "ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc",
      "RegValueType": "REG_DWORD"
    },
    "PonchAllowKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
      "IfExists": true
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira Fallback Updater]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira Fallback Updater]
"DisplayName"="Avira Fallback Updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira Fallback Updater]
"UninstallString"=""C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe" Action=RemoveFallbackUpdater"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Phantom VPN]
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Control Panel\NotifyIconSettings\1186091603851059062]
"ExecutablePath"="{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Avira\Security\Avira.Spotlight.Systray.Application.exe"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Control Panel\NotifyIconSettings\1186091603851059062]
"Publisher"="Avira Operations GmbH"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL]
"Avira.Spotlight.UI.Application.exe"="1"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL]
"Avira.Spotlight.UI.Application.Messaging.exe"="1"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Avira.Spotlight.UI.Application.exe"="11001"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Avira.Spotlight.UI.Application.Messaging.exe"="11001"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{9f51af30-9f92-4c3d-b8c5-e92fd787eb41}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avira fallback updater]
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9f51af30-9f92-4c3d-b8c5-e92fd787eb41}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}avirasecurityavira.spotlight.ui.application.exe]
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9f51af30-9f92-4c3d-b8c5-e92fd787eb41}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avira fallback updater]
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9f51af30-9f92-4c3d-b8c5-e92fd787eb41}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avira phantom vpn]
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9f51af30-9f92-4c3d-b8c5-e92fd787eb41}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avira security_is1]
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9f51af30-9f92-4c3d-b8c5-e92fd787eb41}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avira system speedup_is1]
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9f51af30-9f92-4c3d-b8c5-e92fd787eb41}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avirasecurityuninstaller]
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated]
"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Avira\Security\Avira.Spotlight.UI.Application.exe"="2"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Avira\Security\Avira.Spotlight.UI.Application.exe"="2"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\emqi-\Downloads\avira_de_sptl1_0bdd1ff358e0d358__pavwws-spotlight-release.exe"="0x5341435001000000000000000700000028000000506D68004C43690001000000000000000000000A00210000503116E5042ADB0100000000000000000200000028000000000000000000004000000000000000000000000000000000AAC80100000000000100000001000000"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe"="0x534143500100000000000000070000002800000020E20C008B5A0D0001000000000000000000000A75220000503116E5042ADB01000000000000000002000000280000000000000000000000000000002000000000000000000000000A010000000000000100000001000000"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Bootstrapper.exe"="0x5341435001000000000000000700000028000000506D68004C43690003000000000000000000000A00210000503116E5042ADB010000000000000000"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.AdministrativeRightsProvider.exe"="0x534143500100000000000000070000002800000030870300C6E9030001000000000000000000000A00210000503116E5042ADB0100000000000000000200000028000000000000000000004000000000200000000000000000000000CB000000000000000100000001000000"


====== Ende von Suche ======


M-K-D-B 27.05.2025 16:37

Thanks for the logs.

Only remnants of Avira are left. We will remove these and check the system files for errors. This can take a while, so please be patient while the repair is running.
You should also not work on the system in the meantime.




Repair with FRST
NOTE TO ALL READERS:
This FRST script is intended exclusively for this user and should never be used 1:1 on another system!
  • Save your work and close all open programs so that no data is lost.
  • Select the entire contents of the following code box with the mouse and copy it (press the two keys "CTRL" + "C" at the same time):
    Code:

    Start::
    CreateRestorePoint:
    CloseProcesses:
    DeleteKey: HKLM\Software\Google\Chrome
    DeleteKey: HKLM\Software\Wow6432Node\Google\Chrome
    C:\Windows\SystemTemp\Avira*.*
    C:\Windows\Prefetch\AVIRA*.*
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.UI.Application.Messaging.exe
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASAPI32
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASMANCS
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASAPI32
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASMANCS
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira Fallback Updater
    CMD: cscript /nologo %systemroot%\System32\slmgr.vbs /dlv
    CMD: netsh winsock reset
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: netsh winhttp reset proxy
    CMD: Bitsadmin /Reset /Allusers
    CMD: Winmgmt /salvagerepository
    CMD: Winmgmt /verifyrepository
    CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
    CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
    CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
    CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
    CMD: dism /online /cleanup-image /restorehealth
    CMD: sfc /scannow
    Hosts:
    RemoveProxy:
    EmptyTemp:
    End::

  • Now start FRST and click the Fix button (Reparieren) directly.
    Important: You do not need to paste the contents of the code box anywhere, because FRST takes the code from the clipboard!
  • The tool carries out the requested steps and creates the file fixlog.txt in the same directory where FRST is located.
  • Finally, the system is restarted.
  • Post the contents of the file fixlog.txt in your next reply.

Bernd Brot 27.05.2025 18:07

Here is the fixlog.txt: (reCAPTCHA is still complaining)
Code:

Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 22-05-2025
durchgeführt von emqi- (27-05-2025 17:52:21) Run:1
Gestartet von C:\Users\emqi-\Downloads
Geladene Profile: emqi-
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
DeleteKey: HKLM\Software\Google\Chrome
DeleteKey: HKLM\Software\Wow6432Node\Google\Chrome
C:\Windows\SystemTemp\Avira*.*
C:\Windows\Prefetch\AVIRA*.*
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.UI.Application.Messaging.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira Fallback Updater
CMD: cscript /nologo %systemroot%\System32\slmgr.vbs /dlv
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winhttp reset proxy
CMD: Bitsadmin /Reset /Allusers
CMD: Winmgmt /salvagerepository
CMD: Winmgmt /verifyrepository
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: dism /online /cleanup-image /restorehealth
CMD: sfc /scannow
Hosts:
RemoveProxy:
EmptyTemp:
End::
*****************

Wiederherstellungspunkt wurde erfolgreich erstellt.
Prozesse erfolgreich geschlossen.
"HKLM\Software\Google\Chrome" => erfolgreich entfernt
HKLM\Software\Wow6432Node\Google\Chrome => erfolgreich entfernt

=========== "C:\Windows\SystemTemp\Avira*.*" ==========

C:\Windows\SystemTemp\Avira_Spotlight_Bootstrapper_2025-05-15_06-32-44.log => erfolgreich verschoben
C:\Windows\SystemTemp\Avira_Spotlight_Bootstrapper_2025-05-15_16-27-00.log => erfolgreich verschoben
C:\Windows\SystemTemp\Avira_Spotlight_Bootstrapper_2025-05-16_09-47-11.log => erfolgreich verschoben

========= Ende -> "C:\Windows\SystemTemp\Avira*.*" ========


=========== "C:\Windows\Prefetch\AVIRA*.*" ==========

C:\Windows\Prefetch\AVIRA.SPOTLIGHT.BOOTSTRAPPER.-4A5AABF5.pf => erfolgreich verschoben
C:\Windows\Prefetch\AVIRA.SPOTLIGHT.BOOTSTRAPPER.-7AEF070C.pf => erfolgreich verschoben
C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.ADMINISTRA-80E1237E.pf => erfolgreich verschoben
C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.APPLICATIO-17D20DBA.pf => erfolgreich verschoben
C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.APPLICATIO-8506823E.pf => erfolgreich verschoben
C:\Windows\Prefetch\AVIRA_OPTIMIZER_HOST.TMP-6E50DB22.pf => erfolgreich verschoben
C:\Windows\Prefetch\AVIRA_SPOTLIGHT_SETUP_PAVWWS.-8DBC0226.pf => erfolgreich verschoben
C:\Windows\Prefetch\AVIRA_SYSTEM_SPEEDUP.TMP-40918EEC.pf => erfolgreich verschoben

========= Ende -> "C:\Windows\Prefetch\AVIRA*.*" ========

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.UI.Application.Messaging.exe => erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASAPI32 => erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASMANCS => erfolgreich entfernt
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira" => erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASAPI32 => erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASMANCS => erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira Fallback Updater => erfolgreich entfernt

========= cscript /nologo %systemroot%\System32\slmgr.vbs /dlv =========

Softwarelizenzierungsdienst-Version: 10.0.26100.3912

Name: Windows(R), Professional edition
Beschreibung: Windows(R) Operating System, VOLUME_MAK channel
Aktivierungs-ID: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37
Anwendungs-ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Erweiterte PID: 03612-03312-003-387534-03-1031-26100.0000-0622025
Product Key-Kanal: Volume:MAK
Installations-ID: 357282190847456363003978684366485540676525023173184725049838642
Lizenz-URL verwenden: https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
URL fr die šberprfung: https://validation-v2.sls.microsoft.com/SLWGA/slwga.asmx
Teil-Product Key: XD73B
Lizenzstatus: Lizenziert
Verbleibende Windows Rearm-Anzahl: 1000
Verbleibende SKU Rearm-Anzahl: 1001
Vertrauenswrdige Zeit: 27.05.2025 17:52:30




========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.



========= Ende von CMD: =========


========= netsh advfirewall reset =========

OK.



========= Ende von CMD: =========


========= netsh advfirewall set allprofiles state ON =========

OK.



========= Ende von CMD: =========


========= netsh winhttp reset proxy =========


Aktuelle WinHTTP-Proxyeinstellungen:

    DirectAccess (kein Proxyserver).



========= Ende von CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.


========= Ende von CMD: =========


========= Winmgmt /salvagerepository =========

Das WMI-Repository ist konsistent.


========= Ende von CMD: =========


========= Winmgmt /verifyrepository =========

Das WMI-Repository ist konsistent.


========= Ende von CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellungen wurden erfolgreich aus dem Systemsicherungsspeicher neu erstellt.


========= Ende von CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellungen wurden erfolgreich aus dem Systemsicherungsspeicher neu erstellt.


========= Ende von CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellungen wurden erfolgreich aus dem Systemsicherungsspeicher neu erstellt.


========= Ende von CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellungen wurden erfolgreich aus dem Systemsicherungsspeicher neu erstellt.


========= Ende von CMD: =========


========= dism /online /cleanup-image /restorehealth =========


Tool zur Imageverwaltung für die Bereitstellung
Version: 10.0.26100.1150

Abbildversion: 10.0.26100.4061


[==========================100.0%==========================]
Der Wiederherstellungsvorgang wurde erfolgreich abgeschlossen.
Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========


========= sfc /scannow =========


Systemsuche wird gestartet. Dieser Vorgang kann einige Zeit dauern.

Überprüfungsphase der Systemsuche wird gestartet.

Überprüfung 100 % abgeschlossen.

Der Windows-Ressourcenschutz hat keine Integritätsverletzungen gefunden.


========= Ende von CMD: =========

C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-76596380-2333717119-1847427047-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-76596380-2333717119-1847427047-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========== EmptyTemp: ==========

FlushDNS => abgeschlossen
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17011370 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 28563487 B
Edge => 0 B
Firefox => 1130793515 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 9328 B
emqi- => 458081513 B

RecycleBin => 321713 B
EmptyTemp: => 1.5 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 18:48:55 ====


M-K-D-B 27.05.2025 18:48

OK, well done.

We'll run one more tool.

Please download DoesNotBelong (DNB) to your desktop.
  • Please save all your work and close all open programs, because this tool terminates all non-essential processes during the cleanup.
  • Right-click DNB and choose Run as administrator.
  • Click Yes to continue.
  • Please be patient while the tool is running.
  • At the end, a file named DoesNotBelong_[DateTime].txt is saved on the desktop.
  • Post the contents of this file in your next reply.

If the SmartScreen filter blocks DoesNotBelong, you can disable it here:
Start > Settings > Privacy & security > Windows Security > App & browser control > Reputation-based protection

Bernd Brot 28.05.2025 09:10

Here you go:
Code:

# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #
# DoesNotBelong v7.8.5
# Furtivex Computer Solutions - https://furtivex.net
# OS: Microsoft Windows 11 Pro x64 24H2 Deutsch (German) - 0407 - 1252 - 850
# Benutzername: emqi- (S-1-5-21-76596380-2333717119-1847427047-1003)
# Datum: 2025_05_28__09_48_03
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #



# Prozesse:

# Treiber:

# Dienste:

# Dateien:

C:\Windows\System32\perfc007.dat
C:\Windows\System32\perfc009.dat
C:\Windows\System32\perfh007.dat
C:\Windows\System32\perfh009.dat

# Ordner:

# Aufgaben:

AMD Install Manager - Check For Updates
AMDInstallLauncher
AMDRyzenMasterSDKTask
EOSv3 Scheduler onLogOn
EOSv3 Scheduler onTime
Launch Adobe CCXProcess
Microsoft\Office\Office Apps Prewarm
Microsoft\Office\Office Apps Prewarm Recurring
Microsoft\Office\Office Automatic Updates 2.0
Microsoft\Office\Office Background Push Maintenance
Microsoft\Office\Office ClickToRun Service Monitor
Microsoft\Office\Office Feature Updates
Microsoft\Office\Office Feature Updates Logon
Microsoft\Office\Office Performance Monitor
Microsoft\Windows\AccountHealth\RecoverabilityToastTask
Microsoft\Windows\AppID\EDP Policy Manager
Microsoft\Windows\Application Experience\MareBackup
Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser Exp
Microsoft\Windows\Application Experience\PcaPatchDbTask
Microsoft\Windows\Application Experience\SdbinstMergeDbTask
Microsoft\Windows\Application Experience\StartupAppTask
Microsoft\Windows\ApplicationData\appuriverifierdaily
Microsoft\Windows\ApplicationData\appuriverifierinstall
Microsoft\Windows\ApplicationData\DsSvcCleanup
Microsoft\Windows\Autochk\Proxy
Microsoft\Windows\capabilityaccessmanager\maintenancetasks
Microsoft\Windows\Chkdsk\ProactiveScan
Microsoft\Windows\CloudExperienceHost\CreateObjectTask
Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask
Microsoft\Windows\Containers\CmCleanup
Microsoft\Windows\Customer Experience Improvement Program\Consolidator
Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
Microsoft\Windows\Defrag\ScheduledDefrag
Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback
Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner
Microsoft\Windows\Diagnosis\Scheduled
Microsoft\Windows\Diagnosis\UnexpectedCodepath
Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
Microsoft\Windows\DiskFootprint\Diagnostics
Microsoft\Windows\DiskFootprint\StorageSense
Microsoft\Windows\Feedback\Siuf\DmClient
Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload
Microsoft\Windows\Flighting\FeatureConfig\BootstrapUsageDataReporting
Microsoft\Windows\Flighting\FeatureConfig\ReconcileConfigs
Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
Microsoft\Windows\Flighting\FeatureConfig\UsageDataFlushing
Microsoft\Windows\Flighting\FeatureConfig\UsageDataReceiver
Microsoft\Windows\Flighting\FeatureConfig\UsageDataReporting
Microsoft\Windows\Flighting\OneSettings\RefreshCache
Microsoft\Windows\input\RemoteMouseSyncDataAvailable
Microsoft\Windows\input\RemotePenSyncDataAvailable
Microsoft\Windows\input\RemoteTouchpadSyncDataAvailable
Microsoft\Windows\InstallService\RestoreDevice
Microsoft\Windows\InstallService\ScanForUpdates
Microsoft\Windows\InstallService\ScanForUpdatesAsUser
Microsoft\Windows\InstallService\SmartRetry
Microsoft\Windows\InstallService\WakeUpAndContinueUpdates
Microsoft\Windows\InstallService\WakeUpAndScanForUpdates
Microsoft\Windows\Maintenance\WinSAT
Microsoft\Windows\Maps\MapsToastTask
Microsoft\Windows\Maps\MapsUpdateTask
Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Microsoft\Windows\Network Connectivity Status Indicator\NcsiIdentifyUserProxies
Microsoft\Windows\PerformanceTrace\RequestTrace
Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Microsoft\Windows\PushToInstall\LoginCheck
Microsoft\Windows\PushToInstall\Registration
Microsoft\Windows\ReFsDedupSvc\Initialization
Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
Microsoft\Windows\Servicing\OOBEFodSetup
Microsoft\Windows\Shell\CreateObjectTask
Microsoft\Windows\Shell\FamilySafetyMonitor
Microsoft\Windows\Shell\FamilySafetyRefreshTask
Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Microsoft\Windows\Shell\ThemesSyncedImageDownload
Microsoft\Windows\Subscription\EnableLicenseAcquisition
Microsoft\Windows\Subscription\LicenseAcquisition
Microsoft\Windows\Sustainability\PowerGridForecastTask
Microsoft\Windows\Sustainability\SustainabilityTelemetry
Microsoft\Windows\TPM\Tpm-PreAttestationHealthCheck
Microsoft\Windows\User Profile Service\HiveUploadTask
Microsoft\Windows\Windows Media Sharing\UpdateLibrary
Microsoft\Windows\WindowsAI\Recall\InitialConfiguration
Microsoft\Windows\WindowsAI\Recall\PolicyConfiguration
Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache
Microsoft\Windows\WindowsUpdate\Scheduled Start
Microsoft\Windows\WlanSvc\CDSSync
Microsoft\Windows\WOF\WIM-Hash-Management
Microsoft\Windows\WOF\WIM-Hash-Validation
Microsoft\Windows\WwanSvc\NotificationTask
Microsoft\Windows\WwanSvc\OobeDiscovery
Microsoft\XblGameSave\XblGameSaveTask
MicrosoftEdgeUpdateTaskMachineCore{0314DEF4-2C78-42E3-98D2-7EF5DB5F46A6}
MicrosoftEdgeUpdateTaskMachineUA{323B8279-7486-43E6-B26C-D4E2B6221AA6}
ModifyLinkUpdate
Mozilla\Firefox Background Update S-1-5-21-76596380-2333717119-1847427047-1003 308046B0AF4A39CB
Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB
StartCN
StartDVR

# Registrierung:

HKLM\Software\Microsoft\Tracing\MSI_Driver_Utility_Installer_RASAPI32
HKLM\Software\Microsoft\Tracing\MSI_Driver_Utility_Installer_RASMANCS
HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\\SubscribedContent-338389Enabled
HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\\SystemPaneSuggestionsEnabled [1] => [0]
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AMDNoiseSuppression
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\MicrosoftEdgeAutoLaunch_3753AF0C68244FA81F8581C5B5045ECE
HKLM\System\CurrentControlSet\Control\CrashControl\\AutoReboot [1] => [0]

# Caches:

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex (67)
C:\Users\emqi-\AppData\Local\D3DSCache (14)
C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data (2789)
C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js (3443)
C:\Users\emqi-\AppData\Local\Microsoft\TokenBroker\Cache (24)
C:\Users\emqi-\AppData\Local\Microsoft\Windows\INetCache\IE (5)
C:\Users\emqi-\AppData\Local\Mozilla\Firefox\Profiles\<Profile>\cache2\entries (2864)
C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\<Profile>\shader-cache (38)
C:\Windows\System32\config\systemprofile\AppData\Local (1348)
C:\Windows\System32\config\systemprofile\AppData\Local\D3DSCache (4)

# Verschiedenes:

AntiVirus Software: Windows Defender
Wiederherstellungspunkt: Does Not Belong PRESCAN - Erstellt

HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity
    Enabled    REG_DWORD    0x1


HKLM\Software\Microsoft\Windows Defender\Exclusions\Extensions

HKLM\Software\Microsoft\Windows Defender\Exclusions\IpAddresses

HKLM\Software\Microsoft\Windows Defender\Exclusions\Paths

HKLM\Software\Microsoft\Windows Defender\Exclusions\Processes

HKLM\Software\Microsoft\Windows Defender\Exclusions\TemporaryPaths

C:\FRST\Quarantine\C\Windows\Prefetch\AVIRA.SPOTLIGHT.BOOTSTRAPPER.-4A5AABF5.pf.xBAD                <50577>                <2025-05-14 21:38:59>
C:\FRST\Quarantine\C\Windows\Prefetch\AVIRA.SPOTLIGHT.BOOTSTRAPPER.-7AEF070C.pf.xBAD                <42929>                <2025-05-16 07:53:33>
C:\FRST\Quarantine\C\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.ADMINISTRA-80E1237E.pf.xBAD                <46134>                <2025-05-16 07:53:41>
C:\FRST\Quarantine\C\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.APPLICATIO-17D20DBA.pf.xBAD                <55674>                <2025-05-15 04:37:53>
C:\FRST\Quarantine\C\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.APPLICATIO-8506823E.pf.xBAD                <49482>                <2025-05-15 15:24:40>
C:\FRST\Quarantine\C\Windows\Prefetch\AVIRA_OPTIMIZER_HOST.TMP-6E50DB22.pf.xBAD                <15992>                <2025-05-14 21:39:23>
C:\FRST\Quarantine\C\Windows\Prefetch\AVIRA_SPOTLIGHT_SETUP_PAVWWS.-8DBC0226.pf.xBAD                <33687>                <2025-05-14 21:39:13>
C:\FRST\Quarantine\C\Windows\Prefetch\AVIRA_SYSTEM_SPEEDUP.TMP-40918EEC.pf.xBAD                <39680>                <2025-05-14 21:39:21>
C:\FRST\Quarantine\C\Windows\System32\Drivers\etc\hosts.xBAD                <27>                <2024-04-01 07:26:16>
C:\FRST\Quarantine\C\Windows\SystemTemp\Avira_Spotlight_Bootstrapper_2025-05-15_06-32-44.log.xBAD                <9223>                <2025-05-15 04:32:44>
C:\FRST\Quarantine\C\Windows\SystemTemp\Avira_Spotlight_Bootstrapper_2025-05-15_16-27-00.log.xBAD                <11205>                <2025-05-15 14:27:00>
C:\FRST\Quarantine\C\Windows\SystemTemp\Avira_Spotlight_Bootstrapper_2025-05-16_09-47-11.log.xBAD                <9223>                <2025-05-16 07:47:11>
C:\Users\emqi-\AppData\Local\CrashDumps\ESETOnlineScanner.exe.11468.dmp                <1589254>                <2025-05-25 20:36:51>
C:\Users\emqi-\AppData\Local\CrashDumps\ESETOnlineScanner.exe.1188.dmp                <1457406>                <2025-05-04 11:45:18>
C:\Users\emqi-\AppData\Local\CrashDumps\ESETOnlineScanner.exe.22300.dmp                <1546368>                <2025-05-22 17:55:13>
C:\Users\emqi-\AppData\Local\CrashDumps\Lightroom.exe.1436.dmp                <49724236>                <2025-05-10 00:55:47>
C:\Users\emqi-\AppData\Local\CrashDumps\Lightroom.exe.21280.dmp                <54667092>                <2025-04-18 17:43:12>
C:\Users\emqi-\AppData\Local\CrashDumps\Lightroom.exe.21664.dmp                <47105808>                <2025-04-08 17:24:15>
C:\Users\emqi-\AppData\Local\CrashDumps\WacomCenterUI.exe.1196.dmp                <11399045>                <2025-05-10 06:10:59>
C:\Users\emqi-\AppData\Local\CrashDumps\WacomCenterUI.exe.13012.dmp                <11171772>                <2025-04-11 17:20:07>
C:\Users\emqi-\AppData\Local\CrashDumps\WacomCenterUI.exe.13408.dmp                <11198102>                <2025-04-11 07:55:47>
C:\Users\emqi-\AppData\Local\CrashDumps\WacomCenterUI.exe.3764.dmp                <11272288>                <2025-04-22 15:59:34>
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\svchost.exe.3404.protected.dmp                <2282763>                <2025-03-24 22:05:05>
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\Wacom_Tablet.exe.19872.dmp                <3340242>                <2025-05-13 16:31:13>


# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #


M-K-D-B 28.05.2025 13:30

Well done, everything is clean. :daumenhoc

We will still check the installed programs.



Run SecurityCheck (SC) according to the illustrated instructions and add the log file as an attachment.

Bernd Brot 28.05.2025 14:38

Done:
How do I get rid of this annoying reCaptcha stuff now?

In general, I would like to know whether a screensaver (or power-saving settings) can have a harmful effect during all these checks? Program termination or similar.
Code:

SecurityCheck by glax24 & Severnyj v.1.4.0.58 [15.08.24]
WebSite: www.safezone.cc
DateLog: 28.05.2025 15:34:02
Path starting: C:\Users\emqi-\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: emqi-
VersionXML: 13.90is-24.05.2025
___________________________________________________________________________

Windows 11 Professional (x64) Release: 24H2 (10.0.26100.4061) Lang: German(0407)
Installation date OS: 24.03.2025 16:22:05
LicenseStatus: Office 16, Office16OneNoteFreeR_Bypass edition The machine is permanently activated.
LicenseStatus: Windows(R), Professional edition The machine is permanently activated.
LicenseStatus: Office 16, Office16O365HomePremR_Grace edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [930.5 Gb] Used: [175.8 Gb] Free: [754.7 Gb]
------------------------------- [ Windows ] -------------------------------
User Account Control enabled (Level 3)
Sicherheitscenter (wscsvc) - The service is running
Remoteregistrierung (RemoteRegistry) - The service has stopped
SSDP-Suche (SSDPSRV) - The service is running
Remotedesktopdienste (TermService) - The service has stopped
Windows-Remoteverwaltung (WS-Verwaltung) (WinRM) - The service has stopped
Background Intelligent Transfer Service (BITS) - The service has stopped
Übermittlungsoptimierung (DoSvc) - The service is running
Windows-Sicherheitsdienst (SecurityHealthService) - The service is running
Update Orchestrator Service (UsoSvc) - The service is running
WaaSMedicSvc (WaaSMedicSvc) - The service has stopped
Windows Update (wuauserv) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 5.2.11.183 v.5.2.11.183 Warning! Download Update
--------------------------- [ OtherUtilities ] ----------------------------
AMD Software v.25.5.1
Microsoft Office Home 2024 - de-de v.16.0.18730.20186
Microsoft 365 - de-de v.16.0.18730.20186
Microsoft Edge WebView2-Laufzeit v.136.0.3240.92 [+]
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 v.14.40.33810.0 Warning! Download Update
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 v.14.40.33810.0 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Creative Cloud v.6.6.0.611
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox (x64 de) v.138.0.4
Microsoft Edge v.136.0.3240.92
----------------------------- [ EmailClient ] -----------------------------
Mozilla Thunderbird (x64 de) v.138.0.2
------------------ [ AntivirusFirewallProcessServices ] -------------------
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1391
Microsoft Defender Core-Dienst (MDCoreSvc) - The service is running
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe v.4.18.25040.2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe v.4.18.25040.2
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe v.4.18.25040.2
Microsoft Defender Antivirus-Dienst (WinDefend) - The service is running
Microsoft Defender Antivirus-Netzwerkinspektionsdienst (WdNisSvc) - The service is running
----------------------------- [ End of Log ] ------------------------------
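
Added example, not part of the thread and not SecurityCheck's own code: a small parser for the log format shown above that extracts the entries the tool marked with `Warning! Download Update` and the state of each listed service. The regular expressions are assumptions derived only from the lines visible in this log; the sample is an excerpt copied from it.

```python
import re

SECTION = re.compile(r"^-+ \[ (.+?) \] -+$")
ENTRY = re.compile(r"^(?P<name>.+?) v\.(?P<version>\S+)(?P<flags>.*)$")
SERVICE = re.compile(r"^(?P<display>.+) \((?P<svc>[^()]+)\) - The service "
                     r"(?P<state>is running|has stopped)$")

# Excerpt copied from the SecurityCheck log posted above.
SAMPLE_LOG = r"""
------------------------------- [ Windows ] -------------------------------
User Account Control enabled (Level 3)
Windows-Remoteverwaltung (WS-Verwaltung) (WinRM) - The service has stopped
Windows Update (wuauserv) - The service has stopped
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 5.2.11.183 v.5.2.11.183 Warning! Download Update
--------------------------- [ OtherUtilities ] ----------------------------
AMD Software v.25.5.1
Microsoft Edge WebView2-Laufzeit v.136.0.3240.92 [+]
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 v.14.40.33810.0 Warning! Download Update
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 v.14.40.33810.0 Warning! Download Update
------------------ [ AntivirusFirewallProcessServices ] -------------------
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1391
----------------------------- [ End of Log ] ------------------------------
"""


def parse_securitycheck(text):
    """Return (outdated software, service states), each tagged with its log section."""
    section = None
    outdated, services = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = SERVICE.match(line)
        if m:
            services[m.group("svc")] = (section, m.group("state") == "is running")
            continue
        m = ENTRY.match(line)
        # Only entries the tool itself flagged; plain versions and file paths are skipped.
        if m and "Warning! Download Update" in m.group("flags"):
            outdated.append((section, m.group("name"), m.group("version")))
    return outdated, services


if __name__ == "__main__":
    outdated, services = parse_securitycheck(SAMPLE_LOG)
    for section, name, version in outdated:
        print(f"[{section}] {name} {version}: update flagged")
    print("stopped:", sorted(s for s, (_, up) in services.items() if not up))
```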


M-K-D-B 28.05.2025 20:37

Quote:

Quote from Bernd Brot (post 1791112)
In general, I would like to know whether a screensaver (or power-saving settings) can have a harmful effect during all these checks? Program termination or similar.

No, as a rule that has no effect.



Quote:

Quote from Bernd Brot (post 1791112)
How do I get rid of this annoying reCaptcha stuff now?

I have gathered a few pieces of information.


Recaptcha has nothing to do with malware on your system; there is nothing you can do about it directly.

A quick Google search returns the following:
Quote:

Disable browser extensions:
Some browser extensions, such as ad blockers or Ghostery, can block reCAPTCHA from being displayed. Disable these extensions to see whether that resolves the problem.

Delete browser history and cookies:
By deleting the browser history and cookies you can remove temporary data that could reveal the IP address from which you regularly access your accounts.

Use private/incognito mode:
If you suspect that reCAPTCHA regards you as a bot, you can use your browser's private/incognito mode to start a clean session.

Avoid VPN or proxy:
Some websites flag VPN and proxy users as potential bots. If possible, you should avoid these services if you are regularly confronted with reCAPTCHA.

Avoid unusual activity:
Avoid submitting forms quickly or making multiple login attempts, as these activities can be interpreted as bot behaviour.

Use automatic login on the iPhone:
On iPhones you can switch automatic verification on or off to reduce the number of CAPTCHA prompts, as described on Apple Support.

Disable 2-factor authentication:
For Google accounts you can disable 2-factor authentication to get around the need for reCAPTCHA, as explained in Google Help.

A few tips can also be found here:
https://support.patreon.com/hc/de-de/articles/115004119043-Warum-werden-mir-so-viele-CAPTCHAs-angezeigt



Removal of the tools used
Run KpRm according to the illustrated instructions and finally post the log file.



Then we would be done!
If you no longer have any problems with malware, then we are finished here. Your log files are clean. :daumenhoc

If you like, you can say here whether you were satisfied with us and our help...:dankeschoen:
Perhaps you would like to support the forum with a small donation https://www.trojaner-board.de/extra/spende.png. :applaus:



Finally, please be sure to read and implement the security measures:



Note:
Please give me brief feedback as soon as you have read the information linked above, everything is done and there are no more questions, so that I can delete this topic from my subscriptions.

Bernd Brot 29.05.2025 12:43

One more small question for my understanding.

Can I safely uninstall the Microsoft Visual C++.... that SC flagged?
It is not entirely clear to me what they actually do.
Like so much else, it was preinstalled when I bought the PC.

Quote:

Quote from Bernd Brot (post 1791112)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 v.14.40.33810.0 Warning! Download Update
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 v.14.40.33810.0 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------


M-K-D-B 29.05.2025 19:53

If you don't deal with C++ as a programming language yourself, you can also uninstall it via Start > Settings > Apps.

Quote:

Like so much else, it was preinstalled when I bought the PC.
Yes, when you buy a PC a lot of "junk" or "unnecessary software" is installed.

That is why we recommend performing a clean reinstallation of Windows after the purchase; that gives you a blank Windows 10/11 and you can install only the software you really need.

Many people really clutter up their system and do not take care of software maintenance.

cosinus 29.05.2025 20:35

https://www.computerbase.de/download...able-runtimes/

That was surely not installed manually, but was brought along by some setup of a program or game.
That is also a really typical weakness of Windows. You can see that software was installed, but not the dependencies or who installed it.
When I remove a package under Debian, I am shown if it is required by other packages.

Bernd Brot 31.05.2025 12:06

Quote:

Quote from M-K-D-B (post 1791138)
If you don't deal with C++ as a programming language yourself, you can also uninstall it via Start > Settings > Apps.

Sorry for the late reply. I was away.

Does this affect my VBA macros in EXCEL in any way?

Quote:

Quote from cosinus (post 1791141)
https://www.computerbase.de/downloads/systemtools/visual-c-redistributable-runtimes/

That was surely not installed manually, but was brought along by some setup of a program or game.
That is also a really typical weakness of Windows. You can see that software was installed, but not the dependencies or who installed it.
When I remove a package under Debian, I am shown if it is required by other packages.

After reading Computerbase, I am now no longer sure at all whether it is advisable
to delete the program, because of the corresponding DLLs?

What would your advice be?

M-K-D-B 31.05.2025 12:16

Leave it on if you are not sure. :D
It doesn't hurt.

Bernd Brot 31.05.2025 12:39

Quote:

Quote from M-K-D-B (post 1791175)
Leave it on if you are not sure. :D
It doesn't hurt.

SC does complain about missing updates, though.
Can't that be automated somehow?

M-K-D-B 31.05.2025 12:56

Quote:

Quote from Bernd Brot (post 1791177)
SC does complain about missing updates, though.
Can't that be automated somehow?

Sure you can... presumably that works with chocolatey.

Information on chocolatey was already linked with the reading material "Guide: Measures for Securing the Computer"... overlooked it? ;)

It can be found in the section "Behaviour on the Internet". :)

Bernd Brot 31.05.2025 15:19

Quote:

Quote from M-K-D-B (post 1791178)
Sure you can... presumably that works with chocolatey.

Information on chocolatey was already linked with the reading material "Guide: Measures for Securing the Computer"... overlooked it? ;)

Mea culpa ;-)

Thank you very much for the all-round help.

Now I will go through the reading material with full concentration....
Code:

# Run at 31.05.2025 16:14:32
# KpRm (Kernel-panik) version 2.19.0
# Website https://kernel-panik.me/tool/kprm/
# Run by emqi- from C:\Users\emqi-\Desktop
# Computer Name: EMQI-LIVINGPICS
# OS: Windows 11 X64 (26100) (10.0.26100.4061)
# Number of passes: 2

- Checked options -

    ~ Delete Tools
    ~ Delete Quarantines

- Delete Tools -


  ## ESET Online Scanner
    [OK] C:\Users\emqi-\Desktop\ESET Online Scanner.lnk deleted
    [OK] C:\Users\emqi-\Downloads\esetonlinescanner.exe deleted
    [OK] C:\Users\emqi-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted
    [OK] C:\Users\emqi-\AppData\Local\ESET\ESETOnlineScanner deleted

  ## FRST
    [OK] C:\Users\emqi-\Downloads\Addition.txt deleted
    [OK] C:\Users\emqi-\Downloads\Fixlog.txt deleted
    [OK] C:\Users\emqi-\Downloads\FRST.txt deleted
    [OK] C:\Users\emqi-\Downloads\FRST64.exe deleted
    [OK] C:\Users\emqi-\Downloads\Search.txt deleted
    [OK] C:\FRST deleted

  ## Kaspersky Virus Removal Tool
    [OK] C:\Users\emqi-\Desktop\KVRT.exe deleted
    [OK] C:\Users\emqi-\Downloads\KVRT.exe deleted
    [OK] C:\KVRT2020_Data deleted

  ## SecurityCheck
    [OK] C:\Users\emqi-\Desktop\SecurityCheck.exe deleted
    [OK] C:\SecurityCheck deleted

-- KPRM finished in 2.03s --


M-K-D-B 31.05.2025 16:47

Thank you very much for the feedback. :)




We are glad that we could help :abklatsch:

This topic appears to be resolved and will be deleted from our subscriptions. Should you need the topic again, please send us a reminder including a link to the topic.

Everyone else, please click here and create your own topic.


All times are in WET +1. The time is now 11:05.

Copyright ©2000-2025, Trojaner-Board

